Your Policy Won't Save You
I recently commented on the hot mess in Suffolk County, New York. This led me to this WSJ article from 2021 on the difficulty of obtaining cybersecurity insurance.
Cyber insurers are raising prices and limiting coverage after a series of high-profile attacks and mounting claims from ransomware
Covid and Remote Work Highlighted Our Flaws
I can only speak from my own experience. When the workforce was sent home, we were concerned with the following:
- Get those who could work from home up and running as safely and securely as possible
- Complete item #1 above ... like yesterday!
We were lucky (or good, but I'll take lucky any day). Since we were in the middle of a massive firewall deployment, we had enough VPN licenses for our people.
Sidenote:
If you want to make your CFOs day, show them the bill that COULD have been generated. Zing!
I felt like Oprah handing out VPNs and VDIs to our employees. You get one, and YOU get one, and WE ALL GET ONE!!!!
But we're better now...
Nope.
Insurance is still recovering from our poor security position.
Insurers don’t expect the amount they are willing to cover through cyber policies to expand dramatically in the near future, despite signs of a recovery from shock losses in recent years.
Most major cyber insurers are willing to write insurance for their largest customers up to around $15 million
Having worked with our insurance brokers and carriers they told me the horror stories of companies who didn't have a plan (or a prayer). Those breaches came like a tidal wave down on the insurance industry. Now all the chickens were coming home to roost come renewal time. Premiums are up, coverage is down and requirements are growing ever harder.
I'm thankful that my management team took the time to listen, fund, and roll out, not only MFA, but MFA via YubiKeys.
Was it expensive? Hell yes.
You know what else is expense? Someone want to ask the fine folks in Suffolk County New York?