
New Cyber Insurance Study Correlates Weak Security With Incident Risk


A new cybersecurity study by reinsurance broker Gallagher Re found that the common wisdom around security monitoring and performance across businesses is correct – that strong security protections correlate to fewer security breaches and incidents, while poor protection adds up to higher rates of insurance claims and problems.

The 20-page global study, “Scanning the Horizon: How Broadening Our Use of Cybersecurity Data Can Help insurers,” evaluated some 589 million IP addresses to correlate cybersecurity risk predictors.

MSPs can help their customers fight these kinds of risks by improving their cybersecurity practices with strong cyber hygiene while also limiting their attack surfaces by removing insecure devices from the internet and closing their paths to the outside world, Derek Vadala, the chief risk officer of Bitsight, told ChannelE2E. “MSPs should proactively share objective evidence validating their effectiveness with customers.”

The Gallagher Re study evaluated analytics data from global cyber risk management specialist Bitsight, which looked at security performance data of 62,000 organizations across 67 countries, and data from its own proprietary database of cybersecurity incidents and claims.

Among the key findings: organizations can fight such attacks and improve their protections by taking stronger actions, including evaluating external scanning data to identify and remove the most damaging 20% of risks while also dramatically reducing the number of IP addresses they maintain to avoid attacks.

“The consistent theme is that there are essential cyber hygiene measurements that are strongly correlated to the risk of experiencing an incident, and that not doing these basic measures will affect you regardless of the size of your organization,” Vadala told ChannelE2E. “All companies can leverage this information — from large enterprises to small businesses alike.”

Identifying Cybersecurity Risk Factors

Other key predictors of cybersecurity risk include technology stack growth: as enterprise technology stacks grow inside companies, potential attack surfaces also increase. In addition, keeping IT systems patched and updated, and taking care of basics ranging from HTTP header policies to proper deployment of SSL certificates, adequate DNS security, proper endpoint management, and more, can measurably reduce the risk of incidents.

“MSPs can leverage this information by helping their security customers understand and fix the major programmatic areas that are strongly correlated to breach – for example, focusing on vulnerability management and improving the rate at which critical and severe vulnerabilities are patched quickly,” Vadala said.

“Companies need to focus on some of the basic cyber hygiene requirements — reducing their Internet exposure, deploying patches quickly, and implementing strong endpoint protection. By doing these basic things well, they can dramatically lower their risk of incidents.”

The Gallagher Re/Bitsight study concludes that its findings, insights and analyses can be used by other businesses “to prioritize their program investments, lower the probability of experiencing an incident, and make critical risk decisions.”

Cybersecurity and Insurance are a Growing Concern

More MSPs and MSSPs today are looking at how to make sure their clients are deploying and running the right kinds of security protection while also working to ensure that they have the correct types of cyber insurance, which can limit their liability in the event of an attack or security incident.

One such case, discussed at the recent MSSP Alert Live event, involved a lawsuit filed in March against an MSP, LanTech. The case stemmed from a costly ransomware attack against one of its customers.

Todd R. Weiss

Todd R. Weiss is a contributing editor to ChannelE2E and MSSP Alert. He is an award-winning technology journalist and freelance writer who covers the full range of B2B IT topics. He served as managing editor at EnterpriseAI.news and was a staff writer for Computerworld and eWeek.com. He is a diehard Philadelphia Phillies, Eagles, Flyers and Sixers fan and says he is the world’s worst golfer.