Tuesday, April 23, 2024

10 Ways to Lower Your Cyber Insurance Cost

By Catherine Powell

Computer hacking has gotten so costly to businesses that most insurers have not only been forced to raise their rates, but some, like Lloyd's of London, have added exclusions for state-sponsored hacks. This has put small business owners in a situation where they're having trouble affording cyber insurance, even when they know there's a high probability that their business could be targeted. If you're caught between a rock and a hard place when it comes to defending your business from cybercrime, let me clue you into ten ways that you can improve your firm's cyber security while reducing your cyber insurance costs at the same time.

#1: Train your staff on how to recognize and avoid cyber crime. - If your employees don't know the difference between phishing, smishing, and quishing, how can they keep the wolves at bay? If they aren't taught how social engineering, ransomware, and deep fakes work, do you think they should be blamed if your network is breached? More importantly, if your staff isn't being constantly updated on the latest tricks and traps used by cybercriminals to defeat your company's security, can they be expected to help you protect your company's digital assets? Since the cost of cyber insurance is based on risk, if you institute routine cyber security awareness seminars for your staff, you could be entitled to a discount from your insurer.

#2: Do you have an emergency response plan in case of a cyber attack? - Just as businesses are required to have emergency exits in case of a fire, every business should have a written emergency response plan that details what to do if the firm experiences a cyberattack. Far from being like locking the barn door after the horses have fled, acting quickly matters: every second that's wasted after a system has been breached guarantees that more damage will be done. That's right, as soon as anyone you employ suspects that your server or anything connected to it has been breached, the clock is ticking. What could start out as a hacked laptop, printer, peripheral, or IoT device could quickly spread to other devices connected to your server. This could ultimately lead to data loss or a ransomware attack that could paralyze your entire business.

#3: Who's minding the mint? - The problem with most companies, including those on the Fortune 500, is that they don't take cyber security seriously enough until they experience an attack. Last year MGM Resorts and Caesars Palace in Las Vegas both experienced cyber attacks that caused massive losses to both resorts. Neither of these companies had any inkling that their digital infrastructure was compromised until their computers started to display ransomware notices. (It was reported that Caesars paid a $15 million ransom to the hackers.) My point is that if multinational corporations can be caught with their pants down, what makes you think your company can't? The best way to avoid being caught unawares is to institute checks and balances that will alert management to unauthorized activity on your network. Network monitoring software and penetration testing can give you a leg up on security lapses that could cost you big if ignored. They could also make your insurer reassess your commitment to protecting your digital assets.

#4: Have your IT department institute zero trust architecture. - When the coronavirus pandemic hit, many companies had their employees work remotely. While this permitted those businesses to continue operating, it also opened the door to unauthorized access by hackers. Zero trust architecture uses a number of security protocols designed to verify the identity of users and devices, and to limit their access, before allowing them onto a network.

#5: How vulnerable are the vendors you work with to cyber attacks? - In 2022, one third of reported data breaches were caused by third-party software, and more than 80% of corporate CIOs who were surveyed responded that they feared their software supply chain was vulnerable to cyberattack. It doesn't matter how well secured your corporate network is if any outside organizations you work with supply you with compromised software, cloud computing, or IT services. Vendor Risk Management (VRM) can help you monitor and mitigate any risks associated with third-party vendors. VRM programs can prove vital in reducing your business' financial, legal, and compliance risks, which insurers use to determine your cyber insurance costs.

#6: How bulletproof is your business data backup system? - If a hacker manages to plant ransomware on your server, how long would it take you to rebuild your system from the ground up? One of the first things that ransomware is designed to do is encrypt all data on an infected system in order to bring a business to a screeching halt. Whether you pay the ransom or not, you may come to find that you're still unable to recover all of the lost data. The only way to ensure that your business will be able to get back on its feet is by having a robust data backup system that is updated on a daily basis.

#7: When was the last time you updated your technology? - Just as a home insurer would insist that you replace that old roof or ancient water heater before they write your policy, a cyber insurer wants to make sure that your office technology is up to snuff. That means you need to make sure that all your software is up to date and your business isn't relying on a WiFi router that was purchased when Barack Obama was still in office. All it takes for hackers to breach your corporate security is one vulnerability.

#8: While you can't dig a moat, you can beef up your business' firewall. - Even though computers running Windows and macOS come with firewalls, that doesn't mean they're bulletproof. Half the updates issued by Microsoft and Apple are patches for recently discovered security threats. If you want to harden your company's defenses, consider adding a hardware-based firewall that will act as a second line of defense. Better to spend a few hundred dollars now than who knows how much should your network suffer a ransomware attack.

#9: Audit your primary business techno-defenses. - Routers come with default passwords that are published on the dark web. Make sure your IT staff changes these to strong passwords that can't be easily compromised. Speaking of passwords, check that every device in your office uses passwords that aren't easy to crack. Enable two-factor authentication whenever possible to add a second step that boosts security when logging into your network. Shut down machines that are idle to prevent hackers from penetrating your system through attached devices. Add a VPN so that both in-house staff and remote workers can access your company network more securely.

#10: Consider adding virtualization to your defensive lineup. - Just because you teach your staff to avoid surfing sketchy websites doesn't mean that everyone will get the message. All it takes to render all your best intentions useless is for one employee to infect your network with spyware or a computer virus. Virtualization packages like Parallels or VMware Fusion make it possible to run a guest operating system inside a virtual machine, keeping web browsing separate from the host Windows or macOS installation so that it's safer for your staff to surf the web.

Catherine Powell is the owner of A Plus All Florida Insurance in Orange Park, Florida. To find out more ways to save on flood insurance, check out her website at


  1. PT Barnum once said, "There's a sucker born every minute." I think that should be updated to read, "There's a hacker born every minute."

  2. This is a very important issue for all businesses (great or small).
    Threats are evolving faster than most companies can respond, and cyber insurance can help. This article helps lower your cost of that insurance.
