{"id":10348,"date":"2023-04-14T16:30:44","date_gmt":"2023-04-14T04:30:44","guid":{"rendered":"https:\/\/kinetics.co.nz\/?p=10348"},"modified":"2023-04-14T16:30:44","modified_gmt":"2023-04-14T04:30:44","slug":"is-cyber-insurance-worth-it","status":"publish","type":"post","link":"https:\/\/new.kinetics.co.nz\/?p=10348","title":{"rendered":"Is Cyber-insurance worth it?"},"content":{"rendered":"

[et_pb_section fb_built=”1″ _builder_version=”4.17.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_row _builder_version=”4.17.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”4_4″ _builder_version=”4.17.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.17.4″ _module_preset=”default” custom_padding=”||5px|||” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n

Every day we see stories in the newspaper about cyber-attacks. Years agio they seemed a bit remote, but lately they’ve been getting closer to home.<\/p>\n

 <\/p>\n

Many businesses are responding by taking on cyber-insurance.\u00a0 But is it worth it?<\/h2>\n
\n

When you sign up, you are asked to fill in a form, much like any other form of insurance.\u00a0 We’ve seen these forms get increasingly more demanding and complex.\u00a0 It makes sense that many of our clients ask us to help them compete them, and we do so as a service.<\/a><\/strong><\/p>\n<\/blockquote>\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”1_2,1_2″ _builder_version=”4.17.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”1_2″ _builder_version=”4.17.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.17.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n

Unfortunately, unless you complete these application forms accurately, you may find your insurance company doesn’t pay out on any eveNtual claim.\u00a0 \u00a0<\/span><\/h3>\n

Even worse, unless you meet these insurer requirements, they may decline to offer you cover, or do so at a much higher premium.\u00a0 After all, they are looking to minimise their risk, and just as they don’t want to insure houses that subject to flooding, or young drivers in expensive cars or any other obvious risks, they won’t want to cover you unless you are taking reasonable precautions.<\/strong><\/span><\/p>\n

[\/et_pb_text][\/et_pb_column][et_pb_column type=”1_2″ _builder_version=”4.17.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_image src=”http:\/\/kinetics.co.nz\/wp-content\/uploads\/2021\/09\/CyberInsurance.jpg” title_text=”CyberInsurance” _builder_version=”4.17.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.17.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”4_4″ _builder_version=”4.17.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_text _builder_version=”4.17.4″ _module_preset=”default” background_color=”#4CB84A” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n

Our first conclusion then is that cyber-insurance doesn’t make sense unless you are prepared to take reasonable steps to protect your organisation first, and to keep those steps in place.<\/strong><\/span><\/h3>\n

[\/et_pb_text][et_pb_text _builder_version=”4.17.4″ _module_preset=”default” global_colors_info=”{}” theme_builder_area=”post_content”]<\/p>\n

So what are the reasonable steps required?<\/h2>\n

Here lies the challenge.\u00a0 What is “reasonable” keeps changing and becoming more intense, and more costly.<\/p>\n

It used to be that patching systems and keeping them up to date, good daily backups,\u00a0 and up-to-date antivirus was enough.<\/p>\n

But that is no longer the case.<\/p>\n

It is now well understood that most hacks either occur through unpatched systems, so that remains important.\u00a0 However people breaching a user’s credentials is increasingly common.\u00a0 THis might be through poor behaviours,simple passwords, common passwords\u00a0 and the like, or it might be through trickery (‘social engineering<\/a>‘)<\/p>\n

How can we stop credential-theft?<\/h2>\n

Firstly,\u00a0 two-factor, or multi-factor authentication (MFA) is the number one defence. So your insurance company will be looking to make sure this is rolled out for all users, on all devices, in your business.\u00a0 But it is not infalliable<\/a> so we need additional layers.\u00a0<\/p>\n

Password complexity means the need for password vaults.\u00a0 It is impossible to have unique and unguessable passwords for every site you use without them.\u00a0 You can assume your email address and at least one or two of your passwords will be leaked into the darkweb somewhere.\u00a0 \u00a0Even worse when your data is exposd through a cyber-event on someone else’s site and your private data might be in the hands of bad actors<\/a>.\u00a0 \u00a0That’s why dark-web monitoring can help.<\/p>\n

Education is another vital step.\u00a0 The insurer will probably want to see regualr awareness training, and phishing testing<\/a> in place.<\/p>\n

What about straightout system breaches?<\/h2>\n

It is easy to click on a link that takes you to an infected website.\u00a0 Once there, malware loads on your device, and spreads through any network that you are attached to.<\/p>\n

An insurer will be looking for a range of tools to defend against this.These include:<\/p>\n