Qualys comments on the topic of cyber insurance

Cyber Insurance

Today, more than ever, companies are under pressure to be adequately protected against external attacks. Hacker attacks on companies are regularly made public, and these are just the tip of the iceberg. The number of ransomware attacks on companies has increased significantly in recent years. Companies are therefore looking for ways to protect themselves against the enormous financial damage caused by a shutdown of their systems, which often occurs together with data theft. Insurance specifically designed to protect against these financial losses, so-called cyber insurance, is currently experiencing an upswing.

The coronavirus pandemic has fundamentally changed the world of work. Companies now rely increasingly on remote work, many processes are being digitized, and companies have more and more assets. Criminal hackers benefit because undiscovered assets give them more attack vectors, which is why ransomware attacks are becoming more frequent. Cyber insurance premiums are rising as a result, because insurers must be able to cope with the ever-worsening threat situation caused by cyber attacks.

A detailed look at what cyber insurers offer shows that some policies provide protection for “bystander attacks” while others do not. A bystander attack is a risk in which a targeted attack by a nation-state also affects the IT systems of other companies that use the same applications or IT configurations and are therefore hit within the radius of the attack. Even if you are not the actual target, you may be affected in the same way.

The ransomware “Petya” in 2017 is a good example of this. The attack was aimed at Ukrainian companies, but other companies around the world were also affected. Policy provisions that cover bystander attacks are a step in the right direction: even if state actors carry out attacks specifically aimed at other nation-states, the impact on other companies should not be ignored. This type of risk should be covered by cyber insurance, because the policies should be designed to fully cover all risks.

These specific policy provisions are of particular importance because they are part of a larger trend in the field of cyber insurance. The guidelines are getting stricter and stricter: the insurer has to prove that the attack is connected to nation-states, or it uses data from the attacked country as part of its proof. Given the specific requirements attached to cyber insurance, it is advisable for company management teams to fundamentally rethink their IT security strategies. Instead of counting on insurance protection only after a successful external attack, companies should rely on preventive measures to protect their assets. If all assets are recorded without exception and continuously monitored and managed, vulnerabilities can be detected before they are exploited, or it is possible to react to ongoing attacks in order to contain the damage. There are providers like Qualys that offer all-round protection in real time with asset management and verification solutions. An investment in basic security programs pays off for companies in the long run. In this way, you take your IT security into your own hands and are not dependent on cyber insurance coverage.
