Intelligent CIO LATAM Issue 11 | Page 55

FEATURE: RANSOMWARE
For example, a single ransomware attack on a third-party provider could be catastrophic; carriers who insured many companies using the SolarWinds software would have faced huge losses as a result of the 2020 attack. In turn, as insurers attempt to spread their own risk through reinsurance, reinsurers are also tightening their own guidelines and reducing coverage.
Organizations seeking coverage will have to ensure their security posture is up to scratch
The upshot is, in order to both secure coverage and help prevent the complete destabilization of the cyber insurance system, organizations will have to tighten up their security posture. During the underwriting process, insurers will be selective with risks and, as already stated, will be ready to walk away if anything is amiss.
Therefore, organizations seeking coverage will not only need to know the key controls for ransomware attacks from back to front, they will also need to be prepared to be fully transparent about their security stack and be able to justify the extent to which it mitigates risk. This level of cyber maturity and leadership isn’t always readily available in many organizations.
As well as altering terms of coverage such as price and limits, insurance providers are also instituting demands on policies that require compliance with key security measures. For instance, some carriers are including security controls such as Endpoint Detection and Response (EDR) systems and patching schedules and other requirements in order to satisfy themselves that their insurance model is sustainable.
The problem is, many organizations are still viewing this as an either/or proposition, driving losses and – in a vicious cycle – contributing even further to the dramatic changes in how insurers are pricing risk at the moment.
As with any type of insurance, uncertainty leads inevitably to higher costs and fewer options. In order to protect themselves from the ever-evolving threat of ransomware, companies need to stop choosing between investing in a better security stack or getting insurance cover – they now need to do both.
Thom Langford, Global Security Advocate at SentinelOne
Furthermore, research suggests that organizations that see a decline in ransomware attacks and payment claims through the prioritization of prevention and recovery procedures will go a long way with cyber insurers towards securing coverage. In turn, these companies can implement cyber insurance as another valid component of a robust security risk strategy, helping it become far more valuable to their business than a simple transfer of risk.
Security and insurance can’t be an either/or proposition
In the modern ransomware threat environment, two things are certain. Firstly, to qualify for cyber insurance or renewal, organizations’ technology stacks have got to meet certain high standards.
Secondly, organizations have got to transfer some of the risk of a ransomware attack and obtain insurance as a key part of their cyber-risk and recovery strategy.
