Ransomware insurance protection is a new and somewhat unwelcome additional cost consideration for the UK’s small to medium-sized business sector. Driven by the pandemic, organisations have largely or at least partially moved to remote operations. This creates a problem for both insurer and insured. Adequate protection against cyber criminals is very much a moveable feast being eaten on shifting sands.
Essentially, there is a stand-off as insurance companies try to limit risk exposure while under pressure from customers who insist they receive the cover their premiums are paying for, whether they are right or not. A compromise solution is needed, but first, both sides need to convene and at least agree on a basic framework for progress.
The responsibilities of the insured
If the owners or managers of a bricks and mortar business did not lock all of its doors and windows at the end of the working day or told the regulars in a nearby pub about how their physical security worked they would rightfully be considered reckless or worse. And yet many SMBs are accused of being similarly lackadaisical in their approach to cyber security, with minimal staff training and a distinct absence of top-down seriousness. This is especially true when staff are working from home, including on BYOD (bring your own device) computers, tablets and smartphones.
The responsibilities of the insurers
Where customers take adequate steps to protect themselves, it stands to reason that insurers should acknowledge these efforts. But how, and to what degree? Providing clearer and more transparent guidance on what level of cover comes with what level of security protection would be a good start – this is felt to be somewhat absent at the moment. It would also help if insurers themselves hired more cyber security expertise into their businesses – again something else that many familiar with the industry feel is lacking. Once all of this is in place, policies can become stricter while the insured’s operations become smarter and more effective out of necessity, on all counts.
Source: techradar pro