Cyber Insurance Premiums Are on the Rise. Zero Trust Can Help.

Bryan Christ

December 7, 2021

In the last 18 months, we have seen ransomware attacks cripple critical infrastructure, disrupt supply chains, and place significant financial burdens on thousands of businesses. The impact of these attacks have been sweeping and now organizations have another outcome to deal with — increased premiums from cyber insurers.  

It’s not surprising. Cybersecurity shortcomings are an increased risk, but that doesn’t mean organizations have to just accept the higher costs. Because insurance companies assess security measures already in place when assigning the premium, organizations can keep theirs lower by taking proactive measures to strengthen their defenses. 

A Zero Trust Architecture reduces the chances of a breach with continuous access verification, which responds dynamically to a wide variety of criteria including user identity, access device security posture, risk of request — and more.  The benefits of this approach go well beyond restricting access. By adopting a Zero Trust philosophy , organizations set up essential cybersecurity strategies to keep risk low now and down the road by decreasing the attack vector.  

Build Processes That Will Last 

One of the most significant challenges for any cybersecurity program is building something that will last. Implementing a solution that not only protects your systems today, but will be able to scale and adapt as your business grows is difficult. You can’t just turn on a Zero Trust environment. It requires a strong solution, strategic planning, and long term commitment. In other words, Zero Trust must be understood and executed as an iterative set of projects — in project management terms, a program.  

Businesses have to be intentional about every cybersecurity step so the program  will continue to protect the most essential assets. To start strong, Hitachi ID (along with our partner IntiGrow) kicks off Zero Trust implementations by identifying vulnerabilities via an assessment of current systems and processes. This identifies what solutions are used and determines what processes will be the best fit (e.g. organizations that already have multi-factor authentication in place will launch at a different point than those without). It also allows us to identify where processes need to be formalized,  strengthened, or newly adopted. Having these pieces in place reduces risk immediately and down the road — something cyber insurance providers are certain to note.  Give them less to look at and less reason for a high premium.  

Define Scope

Many businesses make the mistake of trying to do too much at once when fortifying their cybersecurity solutions. This boil the ocean approach  slows implementations and can create more problems by leaving critical processes incomplete. With cyber insurance companies keeping a close eye on risks, additional gaps in coverage can mean more dollar signs for policy premiums.

To sidestep potential pitfalls, organizations should define the scope from the outset.  Prioritize your projects and tasks and implement an orderly manner.  Start small to get some quick and early wins under your belt (e.g. credential  management, federated SSO, etc) and ensure that processes work and (most importantly) are repeatable. You want to create something that will grow with you. A methodical, more realistic ramp up gives organizations time to get it right and build a foundation that will continue to protect their systems for years to come.

Begin your Zero Trust journey with this free guide.

Give IT a Break

When ransomware strikes, the source is often as simple as an employee clicking a deceptive link in their email, answering a scam phone call, or setting a weak password. It can happen to anyone within an organization, but it’s the technology teams that are burdened with picking up the pieces. Improving employee awareness of cybersecurity risk through education is foundational in avoiding these scenarios altogether. Among other factors, cyber insurance providers look closely at the processes in place to educate teams on cybersecurity best practices. Organization-wide education and preparedness including best practices and ransomware-prevention knowledge sharing — coupled with Zero Trust architecture —  work together to significantly reduce risk and prevent attacks. 

The Best Defense Is a Strong Offense

A Zero Trust framework does more than enhance security status — it provides a security-first foundation for system process, design, and operations that can protect data, reduce complexity, and improve operational maturity. Learn more about how Zero Trust can strengthen your organizations cybersecurity defenses in this complimentary eBook “Zero Trust Security: A Journey, Not a Destination.

Download eBook now