2022 Verizon Data Breach Report, Data Recovery Tips and a Cyber Insurance History Lesson: July Cyber News Bytes
2022 Verizon Data Breach Report
Verizon recently released its annual Data Breach Investigations Report, which analyzes over 23,896 incidents and 5,212 confirmed breaches. The report provides a valuable overview of the cybersecurity landscape and quantifies the trends we have reviewed in past newsletters. It also emphasizes the complexities associated with managing today’s turbulent cybersecurity risk. As stated within the 2018 edition of the report, this information is vital in helping security practitioners understand what is happening and what can be done to protect ourselves from cybercrime.
Five Data Recovery Tips You Can’t Afford to Get Wrong
Does your organization have a practiced incident response plan (IRP)? Is data breach recovery a part of your IRP? If not, it is crucial to act now. One way to do this is to implement multi-factor authentication (MFA), monitored endpoint detection and backup solutions. In a recent article for Net Diligence, PCS President Anthony Mongeluzo details five data recovery tips for responding to a cyber incident.
IT vs. End Users: A Struggle Over Local Admin Controls
Over the past 18 months, all insureds have experienced the elevated scrutiny of today’s cyber underwriting process. In response to the activity that has been widely covered, see the 2022 Verizon Data Breach Report above, cyber insurers and underwriters continue to require more from their prospective insureds. Administrative control is one of the areas drawing critical attention during underwriting. The “why” behind this focus is explained in a recent IT Brew article.
25 Years: The Journey of Cyber Insurance
Cyber insurance has evolved dramatically in the past quarter century. A recent article from Insurance Journal outlined the history of this critical line of insurance coverage, beginning with the first policy crafted in 1997 that addressed a perceived risk of financial regulators from the first internet bank. At that time, companies were required to complete extensive applications that outlined risk management controls around people, processes and technology. Vulnerability assessments were also conducted and insureds were required to remediate vulnerabilities.
By 2015, there were over 50 cyber insurance carriers offering much broader terms and conditions and significant premium reductions. Carriers were no longer requiring vulnerability scans and applications were shortened to 2-3 pages. In 2020, the market showed signs of hardening due to the frequency and severity of cyber claims and attacks, which has continued into 2022. Carriers have restricted their appetite, significantly increased premiums, increased retentions, reduced policy limits, added exclusions and some have added coinsurance.
Greater underwriting scrutiny, with vulnerability scans and the requirement of minimum cyber security controls are now in place for many carriers to agree to quote. We expect that the cyber insurance market will continue to evolve and mature as the cyber landscape continues to change.
Preparing For Insider Threats
Insider threats are threats from within your organization’s network. They can be both intentional and unintentional. These threats are often difficult to detect and can come in many forms, including through individuals or an organization’s assets, people, information and technology. Oswald’s Lacy Rex recently developed an informative blog on this growing threat that covers how to prepare your organization.
RCM&D is here for you to help protect your cybersecurity. Talk to a trusted advisor today with any questions on these highlighted issues and beyond.
To subscribe to the RCM&D Cyber News Bytes Newsletter, click here.