Is Cybersecurity Insurance Leading to More Lax Security?

May 15, 2020


At an event earlier this year, I had the opportunity to meet with several organizations, and the topic of cybersecurity insurance was at the forefront of our conversation. Without question, cybersecurity insurance is gaining popularity among companies that, in today’s threat environment, are constantly besieged by both internal and external threats. Is cybersecurity insurance a valid way to insure against damage to assets, data, customers, and branding, and against ransom costs related to ransomware?

During the discussion, it was interesting listening to the challenges companies face when it comes to spending dollars to improve their security posture. In security, there has long been a struggle over how to put a dollar amount on the cost of better securing your organization against cyberthreats. While it is very easy to take some of the well-known breaches of the last few years and use the monetary value associated with them as a comparison, how can companies arrive at a monetary value for a breach that relates to their own industry, so they can justify the spending necessary to mature their security posture? Welcome to the table, cybersecurity insurance…

It’s hard to say how many security breaches go undetected or unreported because the companies involved are smaller in size and have no social media or mainstream news presence, which truly is a disservice to the small to medium-sized companies that are suffering as a result. While larger companies might present a bigger target, small and mid-sized companies continue to take the brunt of more targeted cyberattacks, resulting in them complying with the criminals’ demands and, in many ransomware attacks, for instance, paying a monetary fee to the criminals to reclaim access to their data. And even paying the ransom is no guarantee that the victimized company will regain access to its data.

But why aren’t these victimized organizations more focused on maturing their security posture in the first place? Why aren’t they investing in technology and people to secure their organization, its people, and its assets? A common misconception is that personal information, such as names, addresses, telephone numbers, credit card numbers, and bank information, is the only thing these criminals are after, and this is not true. While this type of information might bring a higher selling value on the black market, small to medium-sized businesses tend to suffer more from breaches that negatively impact their ability to operate. This can be anything from database compromise and file system encryption to network disruption or privileged identity compromise.

How does this relate when we talk about cybersecurity insurance? An interesting (alarming?) trend is that smaller companies are investing in cybersecurity insurance to cover their ransom fees and operation fees associated with a breach, but what are they doing to better position themselves against the breach? I’m troubled by the concept that cybersecurity insurance comes with a false sense of security for some of these companies, because they would rather spend the money on the insurance with the mindset that it will help cover their costs attributed to the breach, but that’s money they aren’t investing to better mature their company’s security posture.

Is cybersecurity insurance serving as a crutch for vulnerable companies instead of empowering them or forcing them to be better stewards of their security program? Cybersecurity insurance, as a relatively new and growing practice, will continue to evolve and mature. With time, cybersecurity insurers will enforce minimum standards which will develop into best practices. They will need to put forth their own regulations for their customers to adhere to in order for the insurance to stay valid. This will take time to mature and develop. Hopefully, it will force those companies they are insuring to better position themselves against cybersecurity breaches.

I’ll end this with a thought… We insure our valuables in case of an accident. Whether it be car insurance, homeowner’s insurance, renter’s insurance, etc. When you’re driving your car and your brakes are bad, or the tires are leaking air from wear or a puncture, what do we do? We fix it—we spend the money to replace the brakes, we spend the money to replace the tire so that we lower our risk of being involved in an accident. Likewise for homeowner’s insurance. If we have a roof that is old or leaking, or even a front door that doesn’t close, we fix it, we replace it, we spend the money to do what we must to prevent theft, damage, or accidents from occurring. But wait, if we have insurance, why fix it, insurance will cover us!! I feel the concept is the same as it relates to cybersecurity insurance.

While we can’t predict or anticipate when a compromise is going to occur, companies should be wary of leaning too heavily on cybersecurity insurance to bail them out. Instead, they should be looking at how they can better position themselves to prevent a breach and leverage their cybersecurity insurance as a last resort when all other avenues have been exhausted.


Christopher Hills, Deputy Chief Technology Officer, BeyondTrust
