Cyberattacks grew at an alarming rate in 2021, and as a result, cyberinsurance premiums are rising considerably. Many insurers are now requiring organizations to prove the strength of their network security before providing a quote.
ConvergeOne works with school districts, higher education institutions, and organizations across many sectors to analyze their network security and prepare for the detailed assessments insurers are now requiring before a policy can be purchased.
ConvergeOne Senior Director of Cyber Security Chris Ripkey says that K–12 schools without mature security systems in place will no longer be able to use their cyberinsurance policies as a “get of jail free card” when cyberattacks occur.
“Cyber security is just one more area schools are being forced to deal with — and there have been a lot of changes on the cyber security landscape in a short amount of time — and they have to do all this on a very limited budget,” says Ripkey.
School districts shopping for or renewing their cyberinsurance, he says, can expect to be asked to demonstrate that they have the following protections, at a minimum, in place:
- Multi-factor authentication
- Antivirus and malware protection
- A mature data privacy program to protect student and staff information
- A robust patch management system
- A managed endpoint detection and response services
- Immutable backups separate from the rest of the infrastructure
“The cyberinsurance brokers will ask for all this information in a self-assessment, and if you don’t meet the minimum requirements, they are not going to insure your district, or your premiums are going to be a lot higher,” Ripkey emphasizes. “Our advice is to do your own full assessment before shopping for insurance — take stock of your security practices and where you stand.”
For smaller districts without a chief information security officer on staff, he recommends either contracting with a virtual CISO service, or start a self-assessment using the free Top 18 Critical Security Controls guide from the Center for Internet Security.
With the changes in the cyber market pushing demand for on-demand cyber security expertise such as virtual chief information security officers and cyber security auditing and advising, ConvergeOne recently introduced a Cyber Recovery as a Service solution, enabling our clients to use an air-gapped cyber vault to successfully recover their data from ransomware attacks without having to pay a ransom.
ConvergeOne is launching a cyberinsurance advisory service, as well. It is a uniform service offering a deeper dive and assessing client cyber security health before they shop for new cyberinsurance or update their existing policies.
Another thing Ripkey says schools should consider when buying a policy is whether the insurer has expertise in cyber security, and which vendors will the insurer use for remediation or recovery in the event of a cyberattack.