"An attacker only needs to succeed once to compromise their target, whereas the target must succeed 100 percent of the time to avoid compromise."
This is a fact that many businesses overlook when assessing their cyber security posture.
Despite this, more businesses are turning to cyber insurance as a solution, resulting in a 92 percent increase in cyber insurance costs in the UK during 2021, simply because insurers have no tangible way of tracking what security tools their customers actually have.
Insurance companies understand, perhaps better than most, that prevention is better than cure, which is why a layered approach to security is required and recommended.
The most important thing for businesses to understand about insurance is that if a claim is filed, they will need to show evidence of having all of these measures in place, so reporting should be a key factor for MSPs and businesses alike when implementing these tools.
The good news for businesses that already have Cyber Essentials in place is that they already get £25k of cyber insurance. However, as many businesses have discovered the hard way, £25k is barely enough to cover the recovery from an incident, let alone the cost of staff wages and lost revenue during any downtime, and, one of the biggest killers for businesses, reputational damage.
This is why every business should have cyber insurance, but the overarching message to end users should be that prevention is better than cure, and that without the proper prevention tools in place, the risk is not removed or even reduced, and the cost of insurance will also be higher.