News & Blog

How To Better Manage Your Data to Reduce Cyber Insurance Costs in 6 Steps

Discover the 6 steps you can take to keep your monthly premium payments to a minimum and reduce your cyber insurance costs!

Posted on 21 July 2021

Real World ROI from Archiving and eDiscovery

It is like a headline stuck on repeat- Ransomware attacks are escalating at an alarming rate, with ransom requests increasing exponentially.  If your business is handling sensitive data and relies on digital tools such and email and file for data communications and content sharing, then you should be investing in cyber insurance. Some organisations may see this type of protection as a luxury, but nothing could be further from the truth. No business is immune to cybersecurity risk. The article will give you some stepping stones on how to reduce your cyber insurance costs.

How is this Escalation Having an Effect on Cybersecurity Insurance?

Ransomware attacks is not a new topic but the frequency and severity of them are becoming a leading factor behind a substantial increase in the cost of acquiring cybersecurity insurance. Cyber insurance companies are trying to keep ahead of loss costs that are getting out of control.

In a report, titled Cyber Insurance: A hard reset, Howden reported that global insurance pricing has increased by an average of 32%, just under a third, year on year (YoY) in June 2021.

Keep reading to discover the 6 steps you can take to keep your monthly premium payments to a minimum and reduce your cyber insurance costs!

Higher Cyber Security Standards

Prepare, prepare, prepare.

While cyber insurance may offer some financial cover, the hefty monthly premiums may make you think twice about signing up. There are also now more demanding requirements for organisations to show evidence of preparedness, resilience, and the correct form of risk management practice. Organisations not meeting these conditions can be faced with higher monthly premiums than those that are.

“The impact on insurance buyers is stark; the importance of being prepared for a cyber-attack has never been clearer. With insurers now demanding markedly higher cybersecurity standards before deploying capacity, businesses need analytical solutions designed specifically for them, combined with focused, expert intermediation to help them secure the coverage that meets their need,” said Simkin.

Why Cyber Insurance?

Businesses of all sizes are vulnerable to the loss of their data or the breakdown of their critical business resources. These days business data includes much more than just sensitive data that you are trying to protect, it includes, proprietary information, marketing data, contracts, product specification and research data, customer service history, internally generated information and much more.

Losing this data or not being able to access it can cause not only serious distress, reputation, and financial damage to the business, but also financial costs involved in remedying the breach, including the cost of notifying customers and having to pay an assortment of financial penalties.

Cyber insurance policies were intended as a risk management tool to help businesses carry on with a range of digital interruptions that can intrude with normal running activity.

Here is a recent article, written by Waterford Technologies and O’Leary Insurance with commentary from Matheson Legal that covers how cyber liability insurance can help with GDPR. Expert Insight into your Data Management Journey, Challenges, Costs, and Solutions around eDiscovery, DSAR’s & FOIA’s

Rising Costs

The rising costs of insurance should be an added incentive for the organisation to take their cybersecurity and management more seriously. With cyber insurance companies becoming more watchful about their conditions that need to be met before issuing cover.

How to Reduce Cyber Insurance Costs

Having better visibility into your email and file data, with better controls, greater employee awareness could potentially lower your insurance premium if you can prove these to your insurance provider.

Here are 6 steps you can take to reduce your cyber insurance costs.

1. Create an incident response plan.

A cybersecurity response plan is your guide whenever your data or resources have been compromised in some fashion. It should include information on several things such as.

  1. Identifying the most vital and sensitive data and where it is stored in your business network. A third part solution that can identify and search through unstructured data can help here. 
  2. Defining who can access it and when they accessed it.
  3. How data breaches are recorded and contained
  4. Who make cyber security decisions and how?
  5. How breached are reported to affected bodies.
  6. How to prepare to modern day threats and stay compliant with data regulations.

2. Effective Security Training

  1. The most advanced data management and security tools and practices in the world will not help if your employees are oblivious of them. You need to ensure that your employees receive continuous awareness training in your data security processes and procedures.

3. Focus on Security Behaviours

  1. Cyber security is an on-going, constantly advancing activity. It therefore requires continuous monitoring, data collection, and analysis combined with up-to-date industry knowledge. Though some insurance companies require external assessments, even where this is not the case, having an independent party assess your data security systems can be very telling.
  2. A data risk assessment; takes into account your data content, context, access and protection, enables organisations to gain a more complete understanding of their data security posture and to apply appropriate remediation. The Getvisibility Scan and Data Risk Assessment compiles the information from various sources and arrives at an aggregated overall risk score, giving an overview of the current data risk posture, which can be a key step in this process. 

4. Using third-party services to help with data archiving for better Back Up.

  1. Backups for protecting file data should be considered as only partial protection as in many cases they are not taken as frequently as they should, and versions not retained for long periods of time.  Depending on how and where the backups are stored, they too can be infected.  Microsoft and AWS both offer immutable Blob storage options that prevent objects from being written over or deleted until a specific retention period has passed.  In addition, some storage vendors offer Litigation Hold options that would protect file objects from being deleted until the hold has been released.  These setting are at the container or bucket level. 
  2. Retention or Litigation Hold also protect the containers/buckets from storage account deletion and/or container deletion.
  3. Third party email and file archiving solutions can help identify the most vital and sensitive data and where it is stored in your business network.

5. Data Minimisation to Reduce Company Risk

  1. The less data you have, the less risk you have in committing a data breach as once you obtain data, you are responsible for it. With email and files being sent multiple times a day, it is vital to understand and comply with the correct regulations. Under regulations it is necessary to restrict access to personal data with robust privacy policies if it is not needed for a legitimate business purpose or if the data subject has not consented. A strategic approach to organising and managing your data minimisation will reduce the chance of any data breaches or leaks. Data minimisation is the main principle when it comes to data protection so don’t collect data you don’t need.

6. Protecting Critical Documents and File Data from Attack or Destruction

  • Immutable storage is for organization-critical file data that you simply cannot lose. This data may be required regulatory compliance, business operations, project plans, financial documents, contracts, etc.  All TripleLock archives use immutable storage which protects your critical documents and files from being encrypted by Ransomware, deleted either accidental or intentional, until the retention period that you have defined for the Archive has expired.  TripleLock helps you in meeting regulatory or legal retention requirements for some types of information that requires an additional level of protection.

In Conclusion

In today’s business environment, having cyber insurance is almost always a good thing– especially if most of your operational activity happens in the cloud or on older in-house legacy systems. If you are considering a cyber insurance policy, then it is time to get your cybersecurity standards in order unless you want to face surging premiums.

Waterford Technologies can help you reduce cyber insurance costs by helping you prove that you have the policies in place around, data minimisation, immutable file storage for critical documents and identification of your most critical information. The next time your insurance premium is up using a third-party email and file management solution like MailMeter and SISCIN could save you big bucks. Paying for itself many times over.

[zcwp id = 1]