Organizations Must Improve Their Security Posture to be Eligible for Cyber Insurance

According to Netwrix’ 2023 Hybrid Security Trends Report, 59% of organizations either have a cyber insurance policy in place or plan to purchase one within 12 months. But those who are shopping may be in for a surprise. As insurers become more educated on what a “secure organization” looks like, they are tightening their requirements, putting the onus on organizations to be more secure.

Cyber insurers have spent the last few years learning what they don’t know about this new market. Today, cyber insurers are aware of the need for their insured organizations to have a proper security posture that includes a wide range of solutions.

Oftentimes, organizations don’t have all of the required security controls implemented, resulting in either higher premiums or denial of cyber insurance coverage. According to Netwrix, 28% of organizations applying for cyber insurance needed to make changes to their security implementation to obtain a lower premium, and 22% had to do so just to qualify for a policy at all.

The report mentions several security challenges impacting applicants’ approval for cyber insurance coverage. But it’s interesting to note that, when respondents were asked who or what poses the biggest risk to data security, the number one answer was the organization’s own employees.

Almost half (47%) of organizations had to implement regular security awareness training for their employees to qualify for a policy.

And it just makes sense; the number one initial attack vector is still phishing. Through continual training, organizations reduce the likelihood of a successful initial compromise that would lead to a full-blown attack – something cyber insurers want their insured organizations to prove they know how to avoid.

Need Cyber Insurance? Train Your Employees to Recognize Threats

New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one-and-done deal: continuous training and simulated phishing are both needed to mobilize users as your first line of defense.

Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be to check this box on your cyber insurance application! KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Not convinced you need to train your users? Test them!

Free Tool to Phish Test Your Users

KnowBe4’s Social Media Phishing Test is a free IT security tool that helps you identify which users in your organization are vulnerable to the types of phishing attacks that can put your users and organization at risk. Because Savvy is a preferred KnowBe4 partner, we can quickly get you set up in this free test so that you can assess your vulnerability.

Here’s how the free Social Media Phishing Test works:

  • Immediately start your test with your choice of three social media phishing templates
  • Choose the corresponding landing page your users see after they click
  • Show users which red flags they missed or send them to a fake login page
  • Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered

Get your free Social Media Phishing test from Savvy. Simply contact us and we’ll get you set up.
