Stricter Cybersecurity Insurance Requirements
Cyber insurance companies in Vancouver are now pushing for user access security, a long-overdue enhancement. This includes, among other measures, multi-factor authentication (MFA), whether users operate on the internal network or remotely. As a result, the practice is quickly becoming a necessity for all privileged and non-privileged accounts.
Cyber insurers did not require having MFA in past cyber insurance renewals. However, it appears that they are tired of paying for data violation claims and have tightened their coverage standards. With the hardening of the cyber insurance market, insurers examine their portfolios and seek customers with security checks that are closer to a higher standard. They have found MFA to be effective at helping them minimize their vulnerability.
According to specialists at Infosec, to defend enterprises from theft, CISOs need to integrate multi-factor authentication (MFA) into their logins. The cyber-insurance and cyber-laws panel at the Vancouver International Summit declared they will provide no coverage to organizations without MFA.
Derek May, a Vancouver-based technology specialist at the HUB International Insurance Brokers, said insurers’ exhaustion of paying data violation claims has had them tighten their coverage standards. He said cyber insurers recognized at the end of last year that they had a cyber-loss ratio of 500 percent. This means that they lost five dollars for every dollar paid for premiums.
Cyber insurance now unites the company, the insurer, and the IT section. It covered the expense of a violation of security measures such as data re-establishment, hardware replacement, and the recruitment of forensics investigators, external lawyers, and external communication consultants, depending on the coverage. However, it does not cover regulatory fines.
In view of the federal government’s planned Canadian Protection Act (CPPA–Bill C-11, presently in its second reading), panellist Ruth Promislow, a Toronto-based partner with Bennett Jones law firm, while focusing on cybersecurity and privacy law, argued that this act is very significant. She hinted that it was capable of levying multi-million dollar fines to a new data protection tribunal.
She also pointed out that most of the common problems that her clients faced involved having insurance cover without MFA, the CEO not liking their MFA, and at other times, a compromised CEO’s email. Another common issue uncovered during an infringement is the amount of data the former company unnecessarily has and should have erased.
What is MFA?
Multi-factor authentication simply implies that you have to go through more than one authentication before logging in to a device or an account. You ought to enter a passcode and scan your fingerprint, for instance, to unblock your phone. Many software companies and other service providers offer this safety feature, so that you can add a security layer to your devices and online accounts. You have to offer several pieces of information for authentication to access a device or account with this feature activated.o
How does MFA protect you?
MFAs are critical in safeguarding you against the threat of hacked passwords. A previous survey indicated that, in 2021, there have already been numerous attack instances that have relied on compromised credentials. Among the cyber attack cases documented in the survey, compromised login details accounted for 61 percent.
If the attacker uses genuine (stolen but true) credentials, your antivirus or other technologies will assume the people accessing your network are who they say they are.
The addition of a second element (two-factor authentication) allows for either “something you have,” “who you are,” or “something you know” to show that it is indeed you logging in. If the attacker compromises or breaks one of these factors, at least one more obstacle still exists before the target system is breached successfully.
Rise in Cybersecurity Insurance for Small and Medium-Size Enterprises in Canada
Market observers claim that Canadian small and medium-sized firms recognize the need for cybersecurity insurance to cover possible technical attacks on their businesses.
An IBM Security 2020 data infringement report noted that 51% of cyber insurance businesses used claims to fund third-party consultancy and law services costs, while they covered 36 percent of victimiser claims. It stated that just 10 percent of cyber-insured firms employed ransomware or extorted claims to reimburse costs.
According to Toronto’s Zensurance CEO, Danish Yusuf, large corporations can engage security personnel and lawyers to pursue complex policies. He said one challenge is the development of policies for smaller businesses, for instance, the neighbourhood coffee shop or carpenters–that are virtually present but do not have robust internet protection.
Cybersecurity insurance is important now more than ever
Whether you are a single employee of a home firm or running your own small business, cybercrime is something you have to be concerned about. This is due to the high level of cyber risks that continue to rise almost every day. Almost everything and everyone may be online: your clients, their information, critical information about businesses, important files, and much more. Imagine what could happen if your company had a privacy infringement that led to criminals accessing or compromising confidential information. Can your enterprise afford to stop the violation, replace lost information and data, comply with customer notification rules, and deal with potential damage to your company’s reputation?
With the continually evolving technology, companies get exposed to more cyber risks. Even if proper network safety and internet protocols can mitigate this danger, they are not enough, since cyber losses still occur. You can be liable for any losses that occur when cybercriminals access your computer or business system and possibly your clients’ personal information. Insurance cover is the greatest way to protect your company from potential risk.
Cyber insurance is a critical element of a complete risk management program in Canada. Few companies can self-finance expensive disputes which may stem from violations of privacy and lost commercial profits if cyber-attacks shut down their activities.
The takeaway
Arming yourself with cybersecurity insurance gives you peace of mind should your company be the target of a cyber attack. However, you will now have to meet strict cybersecurity insurance requirements as insurers make an effort to minimize your company’s risks. This includes relying on multifactor authentication, to make it more difficult for attackers to penetrate your company’s accounts and systems.
You need a well-versed and experienced partner in cybersecurity like Compunet Infotech who will handle the IT end, while you focus on satisfying your customers’ needs and demands. We will also ensure that you get the cybersecurity insurance covers your organization requires. Contact us today to schedule a consultation.
