Cyber insurers are taking steps to reduce their risk, and you should do the same

April 11, 2023 | Cybersecurity
Robert Hall

Written by
Robert Hall

As the cyber threat landscape continues to evolve, so do the security solutions around it, and in the same way, cyber insurance is evolving too. 

This is because cyber insurers have no way of preventing attacks, one way insurers in the UK try to reduce risk is by mandating certain cyber tools, such as Cyber Essentials (and Cyber Essentials Plus), Multi-Factor Authentication (MFA), and security awareness training. 

Cyber Essentials and MFA are security controls that businesses can implement to protect their user devices and accounts, but security awareness training exists to help users understand when they are being attacked. 

Security awareness training is required because insurers have realised that users are the weakest link in the security chain, not because they are ignorant, but because they are not trained to identify attacks. 

It is also worth noting that insurers are quietly updating policies to make it more difficult to make a claim when user error has resulted in an attack or loss of funds. Things like "independently verifying" payments before they are made are a way for companies to ensure that processes are in place for employees to follow, such as contacting a supplier to confirm that new payment details are legitimate. 

Without having these processes in place, insurers are unlikely to pay out, and in cases where claimants have taken legal action, the courts are siding with the insurers. What this means to me is that, as always, you need to cover as many bases as possible.

Put security in place, it will SAVE you money. 

Get insurance, it could provide financial support in the event of a breach.  

Have a joined-up approach to security; instead of relying on insurance or security tools, make sure you have processes and policies in place that ensure staff understand what they need to do to avoid incidents. 

Contact us

Recommended reading

A year of Sendmarc: 2024 highlights

At the start of 2024, we introduced Sendmarc to the UK channel. As we approach the first anniversary, we ...

Brigantia: A look back over 2024

As 2024 comes to an end, there’s plenty to reflect on over the last 12 months. This year has had many ...

How AI chatbots pass the Turing Test and the cybersecurity implications

In 1950, Alan Turing proposed a test to measure a machine's ability to exhibit intelligent behaviour ...