When things are important to us, we protect them. That’s why we have health insurance for ourselves and our loved ones. It’s why we have life insurance, car insurance, and even home insurance. And with cybercrime estimated to cost the world $8 trillion annually in 2023, there’s one more insurance policy to add to the list: cyber insurance for your business.
What is cyber insurance?
So what is cyber insurance (also called cybersecurity insurance)? It’s an insurance policy that provides financial protection against losses from cyberattacks, data breaches, and other cyber-related incidents.
TechTarget defines cybersecurity insurance as “a contract that an entity can purchase to help reduce the financial risks associated with doing business online.” The FTC calls cyber insurance “…one option that can help protect your business against losses from a cyber attack.” Nationwide gives further details, saying cyber insurance “…generally covers your businesses’ liability for a data breach involving sensitive customer information, such as Social Security numbers, credit card numbers, account numbers, driver’s license numbers and health records.”
How Cohesity helps you qualify for cybersecurity insurance
When looking to purchase cyber insurance, there are several factors to consider. Purchasing cyber insurance is not like purchasing auto insurance, or other insurance types. Applicants must meet a number of highly specific requirements—around internal security, people training, email security, and data protection policies, among others—and follow strict rules during the application process.
One area where many organizations fall short? Having sufficiently robust internal security controls and a modern backup and recovery solution that meets today’s more stringent requirements. So, does your data backup solution meet the necessary criteria?
Let’s take a look at some requirements found on a cyber insurance application under the backup and recovery policies section:
Cohesity’s leading data security solution helps you check these boxes listed below:
Backups are kept in a separate area isolated from the production network.- Backups are kept in a dedicated cloud backup service.
- Backups are encrypted.
- Backups are immutable.
- Backups are secured with different access credentials from other administrator credentials.
- Backups utilize MFA for both internal and external access.
- Backup integrity is tested prior to restoration to ensure they’re free of malware.
Backups are kept in a separate area isolated from the production network.Built on the Cohesity Data Cloud, Cohesity DataHawk helps you protect, detect, and recover from ransomware and cyberattacks. DataHawk helps you better protect from ransomware and cyberattacks with:
- A modern immutable data protection solution with instant mass restore at scale
- Additional resiliency with a cloud-vaulted copy of data with Cohesity FortKnox
- User behavior analysis to identify suspicious user activity that can indicators of tampering
It helps you better detect an attack with:
- Intelligent threat protection that scans for ransomware strains and automatically stays up to date with the latest threat feeds
- Accurate data classification so you can detect and find sensitive data that may have been compromised
- Backup data anomaly detection so you can detect an attack that has evaded your perimeter security
And it helps you recover with confidence with:
- Threat scanning to help identify compromised and clean copies of data to recover from
- Integration with leading security tools, including recovery workflows in incident response playbooks
- Cloud-based recovery with FortKnox that provides a secure way to recover data in worst case site down scenarios
Cohesity customers and cyber insurance
Now that you know what cyber insurance is and how Cohesity can help you meet the criteria necessary for it, let’s see how this works in the real world.
What do a federally-recognized tribe in Oklahoma, schoolchildren outside of Atlanta, and the German state of Hessen have in common? They’re all Cohesity customers, and Cohesity has helped them all get cybersecurity insurance.
Ransomware protection helped Citizen Potawatomi Nation (CPN) qualify for cybersecurity insurance. “Citizen Potawatomi Nation (CPN) has the same security concerns as any state and local government, including member privacy and continuity of service during a cyberattack,” says Christopher Abel, CIO/IT Director for CPN.
CPN uses two Cohesity solutions for ransomware protection. Cohesity DataProtect creates a local copy of CPN’s data on HPE Apollo servers. And Cohesity FortKnox creates an offsite copy of CPN data in a secure cyber vault in the AWS cloud. Both copies are immutable, and can’t be encrypted or deleted as part of a ransomware attack. “We sleep better knowing that Cohesity FortKnox protects our business and cultural data,” Abel says.
Like many organizations, security is top of mind for school districts, too. Serving 52,000 students just south of Atlanta, Clayton County Public Schools (CCPS) needed to meet mandates for cybersecurity insurance compliance. In fact, it was required to have an offsite copy of data isolated from the primary environment to qualify. With FortKnox, CCPS now not only meets requirements for cybersecurity insurance, it also ensures an additional layer of protection against ransomware.
“With FortKnox, we now have an isolated, immutable copy of our critical data in the cloud without having to manage an offsite data vault ourselves,” says Kurt Pritchett, Sr., a network engineer at Clayton County Public Schools.
In the German state of Hessen, the public healthcare of panel doctors is overseen by Kassenärztliche Vereinigung Hessen (KVH). As data volume grew, KVH needed faster backup and recovery, and stronger security—including ransomware protection. KVH now uses DataProtect and Cohesity SmartFiles for a stronger security posture, including ransomware protection.
“Using Cohesity immutable backups and ClamAV significantly lowered our premiums for ransomware insurance,” says Christian Zinke, team lead for IT infrastructure at KVH.
Cyber insurance: a key part of a comprehensive data security strategy
Cyber insurance, secure data protection, phishing controls, internal security policies, and more, are all critical key parts of a comprehensive data security and management strategy. A leading data security and management solution that helps meet the criteria for cyber insurance can better equip organizations for cyberattacks when they happen. Cohesity offers these capabilities and may help you meet the necessary criteria needed for cyber insurance applications.
To dig deeper into the topic of cyber insurance and get comprehensive answers to common questions, we’ve created a tip sheet. Read “5 essential cyber insurance questions: What to know with ransomware soaring” now.
