Why EDR is fundamental to qualifying for cyber insurance

As ransomware attacks become more pervasive and costly, insurance companies are imposing increasingly strict requirements on businesses that want a cyber insurance policy. Insurers are now insisting that businesses adopt a wide range of technologies, policies and people skills around cyberdefense and recovery to qualify, including implementing security technologies, following best practices and adhering to regulatory compliance.

Insurers now look for certain indicators that demonstrate an organization’s ongoing readiness to mitigate cyber risk and enhance protection against modern threats. Leading the list of these new requirements is the installation of an endpoint detection and response (EDR) solution.

This article focuses on the crucial requirements that help companies build cyber resilience and thereby qualify for cyber insurance coverage. We uncover the common reasons for cyber insurance denials, the challenges that today’s businesses face when applying for coverage, the business outcomes of obtaining insurance and the key features of EDR needed to satisfy policy requirements.

Common reasons for cyber insurance denials

To be eligible for cyber insurance, it is imperative to implement a number of specific security measures and controls against advanced threats. Not only are these qualifiers necessary for cyber insurance, but they also comprise layers of a holistic cybersecurity strategy. The absence of these qualifiers may result in denial of insurance policy coverage or claims.

The top reasons organizations experience insurance denials include:

· A lack of multifactor authentication (MFA) implementation
· Failure to mitigate cyber risks, including neglecting to patch known vulnerabilities or encrypt data
· Irregular backups
· Reliance on legacy anti-virus that uses signature-based detection

Businesses are facing headwinds in cyber insurance

Businesses face mounting challenges to keep cybercriminals and known vulnerabilities out of networks. The average business deals with phishing schemes, stolen passwords, exploitation of known but unpatched software vulnerabilities, and other sophisticated intrusions. These obstacles are only exacerbated by the advent of generative artificial intelligence (AI) tools like ChatGPT that make smart cybercriminals more effective and enable unskilled ones to get into the game. In response, the insurance industry has made it more difficult for its policyholders to collect on claims for damages from a cyberattack. For example, some insurers now limit claims to a specific number of compromised networks, or impose caps on payouts to help offset their growing costs.

Top business benefits of cyber insurance coverage

Cyber insurance coverage offers several advantages to businesses that qualify. Insured organizations enjoy peace of mind knowing that some of the costs of unforeseen cyberattacks will be defrayed by a policy claim, including compliance penalties imposed by governments and industry regulatory authorities.

Cyber insurance may also bolster loyalty and trust between a business and its customers. Organizations with cyber insurance exhibit a clear commitment to securing sensitive customer data. Cyber insurance policies can give companies an advantage in competitive markets when customers learn that the integrity and protection of their data are valued.

Reduced cyber risk is one of the most important benefits of cyber insurance. By satisfying cyber insurance prerequisites, companies demonstrate they have undertaken fundamental protection measures to counter malware, ransomware and other threats. EDR is an essential component of this effort.

How to ensure your EDR meets cyber insurance qualifications

Insurers will ask cyber insurance applicants to document the endpoint anti-malware measures they have in place. Historically, signature-based malware detection and response was adequate — a reactive approach that taps historical data and known threat intelligence information to identify suspicious processes. In an era where new malware instances are developed at the rate of over a quarter of a million per day, and endure in the wild for less than two days on average, signature-based anti-malware cannot keep up.

Consequently, insurance underwriters now insist on behavior-based detection and EDR to better recognize slight deviations in threat intelligence data and notice threat anomalies sooner. Behavior-based detection lets organizations block and eradicate nefarious processes in real time, and several industry-leading cybersecurity vendors offer behavior-based detection with AI and machine learning (ML) capabilities. EDR takes these anti-malware measures several steps further, correlating events across multiple endpoints, identifying threat patterns, automatically isolating and remediating some threats, supporting threat hunting, and recommending actions to cybersecurity analysts on how to respond to suspicious processes.

Cyber resilience with EDR and cyber insurance coverage

The key takeaway is that behavioral anti-malware and EDR are now essential tools to qualify for cyber insurance. Businesses that hope to qualify for cyber insurance must demonstrate their preparedness to mitigate cyber risk and counter modern adversarial activity with a defense-in-depth approach to stopping malware threats, including EDR, and a range of response measures in the event that an attack succeeds, including backup, disaster recovery and incident response planning. Cybersecurity and IT operations leaders will find that taking this end-to-end approach to cyber resilience will not only help their company qualify for cyber insurance, but also greatly reduce its overall exposure to cyber risk in the process, improving its uptime, data integrity and compliance posture.

About Acronis

A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.