Over the course of the past year, our monthly articles have focused on a variety of elements that lead to reliable network security, including:
- The importance of having a Managed Security Service Provider (MSSP).
- That endpoint protection is a critical, always-on-the-job service that searches and documents new threats the moment that they are seen in the wild, protecting networks to a degree that simple antivirus products cannot.
- That internal security through data governance is just as important as the cybersecurity combatting external threats
- That backup integrity is critical for restoration.
Reviewing all these aspects of threat protection and crisis preparedness have been centered on another critical component of a business network’s profile, and that is its cyber insurance coverage.
Several years ago businesses had the flexibility to decide whether they wanted to invest in cyber security or cyber insurance. But the years and rising cybercrime statistics have changed all this. Actuarial realities have made insurance companies unable to risk coverage of networks that fail to have in place the software and services that are meant to guard their system and its data.
According to Norton, in 2021 there were approximately 1,900 cyber attacks in the US alone. Additionally, the average cost of a ransomware attack is $1.85 million. With numbers like that, it is no surprise that insurance companies are increasing the premiums on cyber insurance, and requiring a thorough evaluation of a company’s IT profile before a company will qualify for coverage. In other words, businesses can no longer choose to invest in cyber insurance in the place of critical IT security tools and services. And, with a threat landscape that never stops evolving, it is not possible to ignore the importance of protecting the business’ primary assets: its data, business records, and its ability to function on its computer network. If these are destroyed, the business is destroyed. The question then becomes one of how to afford the most secure and protected network possible, and still afford the liability insurance that the business will still need to survive in the event that a cyber disaster strikes in spite of all the preventative measures taken.
Building a Budget for a Protected Network
The general rule of thumb is “most industries spend an average of 3% to 4% of their revenue on IT.” But beyond this, it is not possible to give an exact figure of what a cybersecurity budget should be. There are too many variables. The type of industry and the government compliance standards that apply will often outline the basic expectations, but even so this will involve many personal choices about each business’ preferred path to meet those standards. Building a proper budget that is the right fit for a company means sitting down with professionals who can help sketch out the details.
An MSSP Provider and a Cyber Liability Insurance Agent
To build an achievable budget, the CXOs of the company will want to interview two people: an MSSP and a Certified Cyber Insurance Specialist (CCIS). The MSSP is able to evaluate the business and its current security and data backup/restoration system. They can make recommendations about what services and systems are good and which ones are lacking. The CCIS will be able to identify all the security and policies that would need to be in place for meet the optimal coverage, deductibles, and price desired. Together, the MSSP and the CCIS can come up with a sweet spot that will meet the needs of the business. Then the business will be forearmed with a complete picture, and can begin to budget effectively for the security they want and need.
The hardest step is often to get past the fear factor. As an MSSP, we too often meet with new clients after they have faced a cybersecurity disaster. We hear them admit that they did not invest in better security and backup previously because they assumed it was out of reach. While proper security and coverage is not cheap, it is achievable. And, as it protects business assets and customer information, it can be considered priceless.
So if you are looking forward to 2023 with a mind to strengthen the fundamentals of your business, and if a more resilient, secure, and functional network is a part of that vision, then consider a cyber review of 2022. It will put you on the road to future cyber success. If you need guidance, call Secure Networkers at 281-651-2254 or reach out to us by email with your questions. We will be glad to help.