Cyber insurance insights: Often simple precautions are missing

8. October, 2020

Cybersecurity not only employs IT service providers and companies, but also increasingly the insurance industry. While security providers focus on the technical side, insurance companies mainly offer financial risk transfer.

Evaluation of damage cases with SMB

Cyber insurance provider Coalition published extensive findings from the incidents of its customers in the first half of 2020.[1] The data is mainly based on small and medium-sized companies from the USA and Canada. It shows interesting insights and trends – for example, that companies of all industries and sizes are affected. Attacks appear to be widespread and incidents can be expected anywhere and at any time.

COVID-19 as a booster and „door opener“

Good news first: The home office wave has only led to a limited increase in attacks. The bad news: The attacks were much more successful – due to the new circumstances.

The study also reveals significant differences between the platforms used. For example, companies using Microsoft Office reported security incidents three times more frequently than Gmail users. In terms of malware classes, ransomware continued to lead the way with more than 40%.

Many events of damage avoidable

A key finding concerns the status and maturity of security measures in companies. The full scope of cybersecurity still seems to have not yet been sufficiently addressed by those responsible in small and medium-sized companies. Often the simplest and most fundamental precautions are not implemented or only in fragments. Many malfunctions and losses could have been avoided very easily. These two simple best-practice methods help effectively and can be implemented at low cost:

  • Regular, up-to-date and unalterable offline backups to protect the most important systems and data from ransomware attacks
  • Multi-factor authentication to significantly reduce the loss and misuse of user identities

Insurance can – to a limited extent – compensate for financial losses, but the full extent of successful cyber attacks is never completely reversible. Damaged reputations and lost contracts often have a delayed impact on business.

For secure operations, companies therefore need to be aware of the real risks of cyber attacks on the one hand, and on the other hand they need to comply with basic precautions at the technical level.

Linktipps:

Working safely from home

Three years after NotPetya: 5 tips for your business

[1]https://www.coalitioninc.com/blog/coalition-releases-new-2020-cyber-insurance-claims-report

Red Teams, Blue Teams, Purple Teaming

Living Off the Land attacks

MSSP of the Year 2024

SIEM

What is a SIEM?

Nozomi Guardian Air
HarfangLab Guard
MITRE ATT&CK Framework
v.l.n.r.: Joe Pichlmayr (CEO IKARUS) – Anouck Teiller (CSO HarfangLab) –Alexander van der Bellen (Bundespräsident Österreich) - Frédéric Joureau (Erster Botschaftsrat der französischen Botschaft in Wien) – Christian Fritz (COO IKARUS)
EDR
Cyber Kill Chain
Business Email Compromise
Prognosen für die zehn größten Cybersecurity-Bedrohungen für 2030
E-Mail Verschlüsselung
Schritt für Schritt zum Notfallplan für IT-Security-Incidents
Account Management
Bedrohung

WE ARE LOOKING FORWARD TO HEARING FROM YOU!

IKARUS Security Software GmbH Blechturmgasse 11
1050 Vienna

Phone: +43 1 58995-0
Sales Hotline:
+43 1 58995-500
sales@ikarus.at

SUPPORT HOTLINE

Support hotline:
+43 1 58995-400
support@ikarus.at

Support hours:
Mon – Thu: 8am – 5pm
Fri: 8am – 3pm
24/7 support by arrangement

Remote maintenance software:
AnyDesk Download