Last year saw an unprecedented number of ransomware attacks on school districts across the country. Experts predict that cyber insurance premiums will continue to increase, and insurance companies will be more critical about what organizations they insure. So, what is cyber insurance and what can your district do to appeal to insurance companies?
What is cybersecurity insurance and why is it important?
Cybersecurity insurance protects institutions against financial losses caused by cyber incidents, including data breaches and theft, system hacking, ransomware extortion payments and denial of service. Any organization, whether it is a school or a business, can be the next target. Cyber criminals often scan for targets programmatically and attack small organizations because they tend to be easy targets that lack cyber maturity. Schools store a large amount of sensitive information in their systems, including operational, staff, community, and student data.
Cyber security insurance typically includes privacy protection coverage for students’ and their families’ financial information, helping ensure legal compliance if and when the worst happens. Cyber insurance can also provide a source of funding in case of cyber extortion, and protection of your school’s reputation and infrastructure.
What key elements should schools look for in a policy?
There are several types of cybersecurity insurance coverage. First-party coverage provides financial assistance to help an insured organization with its own recovery costs. Depending on the type of cyber incident, a policy generally covers investigation of the incident, a risk assessment of future cyber incidents, lost revenue due to business interruption, and ransomware attack payments up to the coverage limits.
Cybersecurity liability coverage protects an organization when a third party sues the policyholder for damages resulting from a cyber incident. Liability insurance is beneficial for schools when a data breach leads to lawsuits by the impacted individuals.
How to choose a cybersecurity insurance policy/what is the cost?
Typically, cyber insurance pricing is based on the insured entity’s annual revenue and industry. To qualify for coverage, the individual or entity typically must submit to a security audit by the insurance company or provide documentation with the assistance of an approved assessment tool, such as that offered by the Federal Financial Institutions Examination Council (FFIEC). The results from a security audit or the documentation from approved assessment tools will factor into the types of coverage provided by the cyber insurance provider, as well as the cost of the premiums.
Bottom line: here are 10 common things cyber insurance providers look for when evaluating new policies, coverage limits, deductibles, or a renewal of your insurance.
1.) Multifactor authentication (MFA). MFA requires users to verify their identity with two forms of identification: a username and password, plus a second factor of the organization’s choice.
2.) Email quarantining and screening. The first line of defense against ransomware is strong protections from email scams and attacks.
3.) Antivirus software: In addition to protecting your organization, having a digital protection plan will look good to insurance underwriters.
4.) Employee training on cyber security: Training to self-detect suspicious emails and other cybercrime tactics can further strengthen your organization’s internal security and insurance application.
5.) Strong patching policy: Underwriters appreciate seeing IT teams that have thorough plans in place to keep systems updated.
6.) Operational continuity plan: An operational continuity plan covers what steps you and your district would take to ensure organizational continuity and function in the event of a cyber-attack.
7.) Encryption of sensitive data: Underwriters want to know that you are taking every possible step to protect your sensitive data. This can come in the form of encryption, regular backups, and keeping copies of that data in more than one storage location.
8.) Endpoint Detection and Response tools (EDR): EDR is a tool that continually monitors desktops, laptops, and other devices for suspicious activity. With so many different endpoints within districts now, automating or outsourcing monitoring is essential.
9.) Local admin rights removal: Removing unnecessary local administration rights is a powerful way to reduce cyberattacks and defend against both external and internal threats.
10.) Both human and computer users abiding by least privilege: You should ensure that least privilege and application control are enforced across all human and non-human accounts. Least privilege enforcement reduces the attack surface and protects your organization against threats.