Best Practices for Lowering Cyber Insurance Costs and Cyber Risk

If your cyber insurance vendor offers discounts for companies who meet high data security and protection standards, they will likely focus on these processes and controls.

With cybersecurity threats on the rise, companies are increasingly taking advantage of cybersecurity insurance. And while cyber insurance can be worth it, it’ll cost you. Last year, U.S. insurers earned $1B in cyber premiums.

You can minimize your premiums by showing your insurance company you’re actively mitigating cyber risks, which is a win-win: lower your risk and secure a more cost-effective insurance plan.

Here are five best practices that are most effective in reducing cyber risk:

1. Build a risk-aware culture. Step one is accepting that every single employee is a risk due to actions such as opening a suspect email attachment, using an infected flash drive or failing to install a security patch on their laptop. Invest resources and time in educating your employees about cyber risks and the measures they can take to protect themselves and the company.
2. Defend the workplace. Ensure all devices connected to a network—from a laptop to a printer to a smart TV—are up to date with the latest security software and patch updates and follow all cyber security management and policy enforcement.
3. Regularly back up all your data. Whether your data is on-premise or in the cloud, protect it with a backup and recovery solution to ensure timely restoration that meets or exceeds the expectations of your business. Today, companies are turning to cloud applications like Google Workspace, Salesforce and Office 365 in accelerating numbers, yet many are still unaware that SaaS providers are focused on ensuring they can recover data lost due to an issue on the service’s end—the providers are not in a position to recover data that was accidentally deleted via user error or maliciously deleted or locked via ransomware, hacking, malware, etc. Prevent data loss and downtime with automated SaaS data backup systems that deliver point-in-time restore.
4. Security by design. One of the biggest vulnerabilities in information systems—and wastes of money—comes from implementing services first and adding security as an afterthought. Build security into your IT initiatives from the beginning and maintain regular tests to track conformance and compliance.
5. Control network access. Companies that channel registered data through monitored access points will have a far easier time spotting and isolating malware. Ensure you have procedures in place to manage the access and permissions of your employees. If an employee leaves, you must have the control to revoke any access they have to company, client and vendor information.

Taking these proactive steps will not only lower your cyber insurance premiums, but also improve your company’s cyber security position. Protection against today’s cyber threats is a team effort so make practicing good cyber health a priority for the entire company.

While there’s no one way to achieve absolute security, there’s a lot you can do to safeguard against attacks, ensure timely identification, be ready to quickly recover, and ultimately keep the attacks from crippling your business if they do occur.

An earlier version of this article first appeared in NetworkWorld.