Cyber security insurance becoming harder to obtain: Ensure your systems are protected

A recent annual report published by Sophos reveals that cyber security insurance is becoming harder to obtain in the current scourge of data breaches and attacks. South African companies report over 110 cyber security incidents every month, making insurance more expensive and difficult to come by.

Companies that invest heavily in their cyber security and defence systems are more likely to be granted insurance and payouts in the event of a successful attack. Those organisations that neglect their cyber security are highly unlikely to be paid out after a data breach or ransomware attack.

The Sophos report reveals that ransomware is a major driver of cyber insurance purchases and claims. However, distributed denial of service (DDoS), phishing, viruses and other cyber threats are also rife in South Africa. Cyber insurance companies are becoming more strict with their policies to reduce their payouts.

More findings from the Sophos study

Sophos commissioned a renowned research agency, Vanson Bourne, to conduct the independent study of 5600 IT professionals from 31 different countries. These respondents worked in a vast array of industries.

Once the data was collected, it was revealed that 92% of IT professionals say that their companies have some level of cyber security insurance coverage, with 83% stating that their coverage includes ransomware attacks.

Despite this, the cyber insurance industry has hardened its stance on coverage and payouts. This means that companies with cyber insurance still need to make additional changes and take extra steps with their protection systems and protocols.

By implementing new technologies and services, improving staff training and changing security processes, companies are trying to entice insurance companies to cover their IT systems. This is happening across the globe.

Getting cyber insurance is difficult

Qualifying for cyber security insurance is no easy feat. It requires a concerted effort by a company to minimise its risk profile and ensure that all IT systems are adequately protected. The smaller the risk, the better the coverage, rates, terms and limits imposed by insurance underwriters.

Companies that want to obtain cyber security insurance need to have existing and advanced security measures in place, alongside well-trained staff through ongoing user awareness sessions. These defence systems need to be updated regularly and overseen by an IT department or an experienced managed services provider (MSP).

To improve your chances of obtaining cyber security insurance, start by implementing stronger security practices. These include multifactor authentication (MFA), firewalls and user awareness training for all staff. You need to meet industry standards and implement security best practices to demonstrate to insurers that you are taking every necessary step to protect your IT systems.

You might consider getting certified for cyber security, through ISO 27001 or NIST Cyber Security Framework (CSF). Obtaining a certification is a great way to show insurance companies that you take threats seriously and that you are committed to protecting your data.

Be transparent with your cyber insurance company when it comes to your policies and security posture. This will help them assess your risk and make a better decision on what type of coverage to offer your company. Show them your security incident response plan and any reports from recent security tests, upgrades or data backups.

Lastly, work with a trusted cyber security services provider to ensure that your IT systems are covered by advanced measures. Professional MSPs can implement the right security protocols for your needs and oversee their ongoing functionality. When patches and upgrades are released, your security partner can implement the changes on your behalf.

SEACOM offers numerous cyber security services to enterprises in South Africa. These include DDoS protection, hosted security, endpoint protection and enhanced email to name a few. For more information about our cyber security services or to get a quote, email us at marketing@seacom.com or leave us a message.

SEACOM owns Africa’s most extensive network of information and communications technology (ICT) infrastructure, including subsea cables and secure internet connections. We offer a diverse range of flexible, scalable and high-quality solutions for businesses that meet world-class standards for connectivity.

SEACOM is privately owned and operated, making it agile and adaptable to the needs of the customer. This makes us the preferred ICT and internet connectivity partner for African businesses and peripheral service providers. We can guarantee high-speed, low-latency and secure internet connections to corporates and small enterprises.

For‌ ‌more‌ ‌information‌ ‌on‌ our internet and voice solutions, ‌follow‌ ‌us‌ ‌on‌ ‌‌LinkedIn‌,‌ ‌‌Facebook‌ ‌or‌ ‌‌Twitter.‌ ‌Keep‌ ‌an‌ ‌eye‌ ‌on‌ ‌our‌ ‌‌news‌ ‌section‌‌ ‌for‌ ‌insightful‌ ‌articles‌ and relevant news stories on African ICT, internet connectivity and our leading cloud and security solutions.