Building Business Resilience

How cyber insurance fits into your risk management plan

Key considerations

Navigating an increasingly challenging cyber insurance market

As organizations transition to remote or hybrid workforces, the digital attack surface widens immensely. This allows threat actors to target businesses with ransomware and other attacks more efficiently, demanding record-high payouts and inflicting significant business damage. According to the FBI, in 2021, the IC3 received 3,729 complaints identified as ransomware with adjusted losses of more than $49.2 million.1

Once a business has fallen victim to ransomware, its options diminish greatly. Forbes reported that in 2021, more than 60% of those hit by attacks paid the ransom.2 In addition to ransom payouts, cyber insurance providers frequently cover extensive costs for incident response, forensics, and notifications to affected individuals.

Risk assessment model

Challenges for a different reality

There is no silver bullet for predicting whether an organization will be targeted by ransomware; Coveware has reported that 55% of ransomware attacks targeted businesses with fewer than 100 employees.3

This has made it increasingly difficult for insurers to develop a risk assessment model for customers. Unlike life insurance, where insurers can draw from years of research to develop actuarial tables and make financially acceptable risk decisions based on medical tests and questionnaires, the reality is different for the cyber insurance sector.

As a result, cyber insurance customers are subjected to substantial increases in premiums along with sublimits for ransomware. A full understanding of the policy terms and conditions is critical to a comprehensive risk mitigation strategy.

Security configuration

Improving their risk assessment models

For cyber insurance providers and brokers, risk assessment starts with understanding customer security posture. This information is gathered through questionnaires that give insight into a business’s security configuration, or through external vulnerability scans.

Environments with disconnected products, understaffed teams, and diverse compliance and data protection regulations are most vulnerable. Trend Micro Research reported that approximately half of all serious incidents begin with the exploitation of unknown/unmanaged internet-facing assets, with the remaining 50% due to social engineering via phishing.

Trend Vision One™ unified cybersecurity platform includes market-leading capabilities for securing clouds, endpoints, email, networks, and IoT environments, with built-in security operation capabilities like XDR, risk insights, and more.

With visibility and continuous risk assessment across the organization, organizations can adapt quickly to new business and compliance needs while helping to fulfill many cyber insurance requirements.

Common Application Questions

Questions that insurers will likely ask at renewal or initial application phase

In the current cyber insurance market, it’s important for businesses to be prepared, as some of the configurations that insurers require can take time to implement. Here are the most common insurance application questions related to Trend Micro solution configurations.

Is multi-factor authentication (MFA) deployed?

Why is this important?

Required by many insurers, MFA is an essential security control that slows attacker activity. It makes exploiting passwords obtained through phishing more challenging and credential dumping a less valuable tactic.

How to respond

If your organization is using MFA for product, employee, and admin login to operating systems and applications (using one-time passwords for example), respond “yes”.

How Trend can help

While MFA is not a capability provided by Trend Micro, it is supported by our solutions. We strongly recommend that customers take advantage of this integration.

What endpoint protection software is deployed? Is it “next-generation” AV?

Why is this important?

Strong endpoint protection on employee endpoints and servers is paramount to slowing attackers and detecting early attack stages and impact phases (such as ransomware encryption). “Next-gen” modern endpoint protection uses behavioral detection, machine learning, and other non-signature techniques. Using signatures alone is an outdated approach, ineffective against modern attackers.

How to respond

Most endpoint protection solutions today qualify as “next-generation”. Trend Micro’s endpoint protection solutions support machine learning and behavioral detection, so you can certainly respond “yes” if these capabilities are enabled.

We also recommend ensuring that your products are up to date for optimal detection.

Insurance forms often list vendors, but don’t require you to deploy a vendor from the list. “Trend Micro” is an acceptable answer.

How Trend can help

Ensure that behavioral detection and machine learning features are enabled.

Is endpoint detection and response (EDR) deployed?

Why is this important?

EDR is an important capability enabling IT security teams and managed service providers to better detect attacker activity. EDR can help detect attackers in early stages when they are “living off the land.”

How to respond

With EDR activated on your endpoints, indicate “yes”. Trend Micro™ XDR deployed on endpoints is an EDR technology. Insurers have been inquiring about EDR coverage more often. Sometimes insurance forms list vendors, but they do not require you to deploy a vendor from the list. “Trend Micro” is an acceptable answer.

How Trend can help

Trend Micro provides optional EDR and XDR capabilities in its endpoint products:

How does your security team manage endpoint detections and alerts?

Why is this important?

Overwhelmed security teams can overlook serious detections from endpoint protection and EDR solutions, allowing attackers to infiltrate your environment or successfully complete attacks before the security team becomes aware. Insurers may want to assess your ability to respond to alerts or boost your security team with managed service providers.

How to respond

Using Trend Micro™ Managed XDR service (stand-alone or as part of Trend Micro Service One™) is worth highlighting on an insurance application, because it increases insurers’ confidence that alerts will be detected and responded to quickly.

How Trend can help

Trend Micro Service One includes Trend Micro Managed XDR.

What is your vulnerability assessment/patch management process?

Why is this important?

Attackers are quick to take advantage of remotely exploitable vulnerabilities, gaining a foothold in your environment and leveraging vulnerabilities to move laterally in the environment. An effective vulnerability assessment program shows insurers that you can quickly detect and remediate serious vulnerabilities.

How to respond

Insurers are looking for the use of vulnerability assessment and management solutions as the primary response. Some Trend Micro solutions provide an additional layer of vulnerability mitigation through intrusion prevention technology on endpoints or at the network layer. This gives teams additional time to patch and strengthens the insurance application.

How Trend can help

Provided at the network layer by Trend Micro™ TippingPoint™, intrusion prevention technology is available as a configurable feature in Trend Micro Apex One™, Trend Micro Cloud One™ – Workload Security, and Trend Micro™ Deep Security™ Software.

What is your backup strategy?

Why is this important?

Data backup is an important defense against ransomware, reducing the time to recover business operations. Backup is not a 100% effective defense, as attackers can also exfiltrate data for leverage, or target backups for encryption.

How to respond

Insurers require a description of your backup strategy, which ideally includes offline/offsite backups that can’t be easily breached. Trend Micro™ Endpoint Security provides “rollback” of encrypted files as part of behavioral detection: it uncovers the encryption behavior on the initial files, suspends the process, and restores the files. This technique is worth mentioning.

How Trend can help

Ransomware rollback capability is enabled in Trend Micro Endpoint Security when behavioral detection is enabled for the following:

Can you describe your email security?

Why is this important?

Phishing is a substantial attack vector targeted by ransomware, business email compromise, and other serious attacks. Modern email security capabilities are an essential security control to detect these attacks before they reach endpoints.

How to respond

If you are employing email security gateways or API-based email security solutions connected to a cloud email service such as Microsoft 365, describe what is configured.

How Trend can help

Trend Micro™ Cloud App Security provides malicious attachment detection, internal email traffic and message analysis, and AI-powered writing style analysis. Trend Micro™ Email Security detects threats before they reach your environment. Trend Micro™ ScanMail for Microsoft Exchange, Trend Micro™ Interscan Mail Security Virtual Appliance, and Trend Micro™ Deep Discovery™ Email Inspector provide on-premises email security.
