Facet Blog

Cyber Treats: “We’ll Get to It Later?”

December 5, 2024

Paying a premium? Make sure you qualify for the payout.

Cyber liability and data breach insurance policies can protect your business in a cyber attack, but only if you have the required protections in place.

Picture this: A mid-sized manufacturing company felt their cyber insurance requirements were mostly “paperwork.” They had basic security in place but skipped implementing the EDR solution their insurer strongly recommended. Fast forward three months, and they’re dealing with a ransomware incident that their insurance won’t fully cover because their security didn’t meet the baseline requirements.

It’s more than box-checking…

  • Requirements are based on real attack patterns insurers are seeing right now (and trust me, cyber insurance payouts only keep rising, so the goal is to prevent expensive attacks)
  • Each requirement typically protects against multiple threats  – like a 2-for-1 deal on your security controls
  • Insurers spend millions gathering threat intelligence, so the recommendations are generally sound
  • It’s not uncommon to detect and stop an attack in progress while implementing insurers’ requirements, like upgrading from antivirus to endpoint protection!

Pro tip: Don’t wait for your renewal to check your compliance. Make sure you have the necessary protections in place to qualify for payouts if you experience a breach.

Do you pay for cyber liability or data breach insurance, but aren’t sure if you’re meeting requirements?
We decode tech-speak for business leaders and can help strengthen your defenses to avoid that claim in the first placeSchedule a call by clicking here.

Cyber Treats Bonus Links

A good reminder when you’re Googling to find holiday gifts (from Wired): Malicious Ads in Search Results are Driving New Generations of Scams
Side Note: this is also a decent argument for including your company name as a keyword if you do any pay-per-click advertising. Not only does it prevent competitors from occupying that top spot, but also prevents malvertising under your name.

The same group behind the MGM hack also orchestrated a phishing scheme that cost businesses millions (from ArsTechnica): 5 charged in “Scattered Spider,” one of the most profitable phishing scams ever
What may be most interesting to business leaders here is the attack vector: text messages that claimed to be from internal IT departments, instructing victims to click on a link to avoid account deactivation. Phishing schemes often cultivate a sense of urgency to lower victims’ defenses.

Thanks for reading Cyber Treats. See you next week!