Cyber Insurance: The Reality from the Infosec Frontline
Explore the findings of a Sophos-commissioned study into the cyber insurance experience of 5,600 professionals working at the infosec frontline. It reveals how their experience of obtaining cyber insurance coverage has changed and the impact of cyber insurance on their cyber defenses.
With ransomware a major driver of both cyber insurance purchase and claims, the study also shines light onto how often cyber insurance policies pay out in the event of an attack and the types of costs that are addressed, including how often insurers pay the ransom.
Good Cybersecurity Controls Can Help You Secure Affordable Cyber Insurance
Cyber insurance is all about managing risk and cost. By minimizing the risk of experiencing a cyberattack, you reduce the risk for your insurer, which in turn makes it easier to get the insurance cover you need.
To reduce risk, insurance providers increasingly stipulate strong protection requirements as a condition of providing cover. Here are the top cybersecurity controls to consider:
Multifactor Authentication (MFA)
Secured, encrypted, and tested backups
Email filtering and web security
Cybersecurity awareness training and phishing testing
Logging and monitoring/network protections
Vendor/digital supply chain risk management
Endpoint detection and response (EDR)
Privileged access management (PAM)
Cyber incident response planning and testing
Hardening techniques, including Remote Desktop Protocol (RDP) mitigation
End-of-life systems replaced or protected
Patch management and vulnerability management
- The cyber insurance market and how risk is modelled
- An insurer’s view on the three Cs — Coverage, Capacity and Claims
- How to best prepare for your cyber insurance renewal
- The 12 keystone cybersecurity controls that insurers look for when assessing risk
- Live Q&A panel discussion from our session speakers
Please note that Sophos is not a licensed insurance producer and does not sell, solicit or negotiate insurance products. By providing access to any third-party websites, (a) Sophos is not recommending or endorsing any such third parties, including any insurance producers and carriers, or any products or services offered by such third parties, and (b) any materials or links contained on its website are intended merely to provide information. To the extent you access a third-party website from a Sophos website, please be advised that Sophos does not investigate, monitor, or check any third-party websites, or the content of such websites, for accuracy, appropriateness, or completeness, and you are solely responsible for your interactions with such third parties.
Sophos Incident Response Guide
Based on the real-world experiences of the Sophos Managed Detection and Response and Sophos Rapid Response teams, the Sophos Incident Response Guide help you prepare to respond to a cyber attack.
- Define the framework for your cybersecurity incident response plan
- Learn the 10 main steps your plan should include
- Understand the role managed detection and response (MDR) services play in supporting your plan