“We’re too small to be a target.”
It’s one of the most common things businesses say about cybersecurity and one of the most dangerous.
Although most businesses have heard of Cybersecurity Insurance, acquiring a policy can be a bit of an eye-opener. In the 1990s, Cybersecurity Insurance was in its infancy. As typically happens over time, vulnerabilities are exposed, risk grows, and needs become apparent. That is just as applicable to a company’s IT infrastructure as it is to those insuring it.
2014 was called “The Year of the Retail Breach” with companies like Home Depot, Staples, and Target – to name a few – experiencing cyber-attacks. That year was followed by 2015 and “The Year of the Healthcare Breach” with Anthem and Blue Cross encountering the same.
With COVID, the volume of teleworkers grew exponentially. As a result, a network protecting its users behind firewalls, identity and access management, security services and more was now protecting vacant offices with empty cubicles. The user base was fragmented and increasingly targeted.
All of this contributed to massive increases in Cybersecurity Insurance premiums in 2021. On more than one occasion I’ve heard decision makers say: “We’re too small to be a target” or “We’re not the kind of company that has data an attacker would want to exploit”. Exploitation doesn’t have to mean theft of intellectual property or data. What if your data can be exploited by prohibiting access to it? If your business can’t access its financial, intellectual, personal, or other data, your employees can’t work, and no company is too small for that.
I said earlier that acquiring a Cybersecurity Insurance policy can be eye-opening, and the short historical overview explains why. Insurers are going to ask a variety of questions. Many of them correlate to your susceptibility to a breach. Notice I didn’t say – being attacked. Being attacked is a given. How so? Phishing emails are an attack.
In your shopping for Cybersecurity Insurance, you should be prepared to answer questions like:
- Do you have Policies and Procedures?
- Do you have backups?
- Do you have next-generation firewalling?
- Do you have Multifactor Authentication?
- Do you use passphrases instead of passwords?
- Do you monitor changes?
- Is data that is considered sensitive encrypted?
- Do you have Security Awareness Training (remember that phishing emails are a type of attack)?
I could go on and on. If your answer is “No” to any of these questions, your premium is going to go up because your risk level is higher. On a side note: if you say “Yes” when the answer is no, it can be a foundation for your claim to be denied. That’s why, when a question is asked, it is asked in conjunction with specifics as to how.
Your company’s size or recognition as a brand has no bearing on its exposure to a cyber attack. It is incumbent upon you to acknowledge that and ensure your business has implemented the proper cybersecurity layers of defense. If you are concerned about your cybersecurity position and exposure to risk, you need to partner with Auxzillium. We can do an in-depth assessment of your cybersecurity position whether you need to meet the most stringent levels of compliance or not.
We are experts in the implementation and management of cybersecurity controls and make the best partner to address your information technology cybersecurity needs.