Cyber insurance

The global cyber insurance market is expected to reach more than 20 billion dollars by 2025. However, many organizations are finding it harder (and more expensive) than ever to insure against their nightmare breach scenarios. Premiums have greatly increased in recent years thanks to an increase in demand and the volume and sophistication of cyber threats.

Insurers want to limit their exposure to large-scale attacks and are much less likely to accept risky customers. This means that organizations find coverage to be much more expensive – if they can get it at all.

According to a BlackBerry study, only 20% of U.S. organizations have coverage above $600,000. With the average data breach estimated to cost $4.35 million, that leaves many in a precarious situation in the event of a disaster.

Why cyberinsurers are increasing premiums

Cyberinsurers have been spooked by the increase in cybercrime and associated payouts. The US Treasury revealed that ransomware payments alone added up to more in 2021 than in the entire previous decade combined.

On top of that, they worry about the fallout from the Russian-Ukrainian conflict. A major British bank, Lloyd's of London, set up a policy excluding nation-state cyberattacks from its cyber insurance policies.

Insurers are increasingly selective about the partners with whom they associate. A home insurer is going to be very careful when it comes to insuring a home in a notorious tornado path or flood plain. Similarly, cyber insurers will not insure organizations against cyber attacks if a serious breach looks like a matter of “when” rather than “if”.

Organizations are rigorously assessed on an individual basis, as each risk profile is different. Underwriters want to see evidence that cyber risk is managed, effective processes are established, and employees receive security training and awareness.

If the risk is deemed too high, they will charge high premiums or not insure the business at all.

What is the place of passwords in cyber insurance?

When insurers assess an organization’s cybersecurity posture, password security is a key consideration. Credential theft is big business for cybercriminals.

Once the passwords are hacked, they can be sold on the Crime-as-a-Service market for profit. Stolen passwords are often the starting point for more damaging scenarios such as ransomware attacks.

Specops research shows that in an analysis of 800 million hacked passwords, 83% of compromised passwords meet the password length and complexity requirements of regulatory password standards. This data shows how common the problem is.

Passwords have been a headache for IT security teams for decades. But they are here to stay. Biometrics offer an alternative, although a biometric is impossible to change if compromised, while changing a password to something different is quick and easy.

The key is to have visibility into the passwords that were compromised in a breach and the control to change them. As our data shows, there isn’t much that security awareness and employee training can do.

Can strong password security reduce premiums?

In short, yes. Data from a LastPass survey shows 83% of companies said they had to prove to their insurer that they had multi-factor authentication or password management in order to qualify for coverage or receive a lower premium rate.

Insurers will also assess whether policies are in place to ensure employees use complex passwords and rotate them accordingly. Outdated processes like managing passwords in a spreadsheet would be a major red flag for insurers. By contrast, setting up a discovery tool for Active Directory accounts and passwords shows that the organization has visibility into compromised passwords and who needs to change them.

As Darren James, product specialist at Specops Software, says, “We find that hackers circumvent any complexity or length requirements by attacking passwords that they know are likely to be reused on your network.

A long or complex password is no stronger than a “password” if it’s already compromised, which is why it’s so important for organizations to protect against reusing compromised passwords.”

How to start strengthening your password security

The first steps to increasing overall password security in your Active Directory environment are to start blocking weak and compromised passwords and enforcing a stricter password policy.

Enforce compliance requirements, create custom dictionaries, and help users create stronger passwords through dynamic end-user feedback with a software tool like Specops Password Policy with Breached Password Protection.

You can block over 3 billion known compromised passwords while extending Group Policy functionality and simplifying fine-grained password policy management.

Specops Password Policy

Specops Password Policy allows organizations to block usernames, display names, specific words, consecutive characters, incremental passwords, and reuse of a portion of the current password, while proving to insurers that you enforce effective password security in your organization.
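The kinds of rules listed above can be sketched as a small policy check. This is an added example, not Specops code or the behaviour of any product: the breached list, user names, thresholds and function names are all constructed assumptions. It shows a password that satisfies length and complexity rules still being rejected because it appears in a breached list.

```python
import re

# Constructed stand-in for a breached-password corpus (assumption); a real
# deployment would consult a large offline list or a vendor-maintained service.
BREACHED = {"password", "summer2023!", "p@ssw0rd123", "welcome1!"}

def meets_complexity(pw, min_len=8):
    """Classic rule: minimum length plus 3 of 4 character classes."""
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    return len(pw) >= min_len and sum(bool(re.search(c, pw)) for c in classes) >= 3

def has_run(pw, n=3):
    """True if pw holds n identical (aaa) or ascending (abc, 123) characters."""
    for i in range(len(pw) - n + 1):
        chunk = pw[i:i + n]
        if {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])} in ({0}, {1}):
            return True
    return False

def is_incremental(new, current):
    """True if new equals current once trailing digits are ignored."""
    base = lambda s: s.rstrip("0123456789").lower()
    return base(new) == base(current)

def shares_portion(new, current, n=4):
    """True if any n-character slice of current reappears in new."""
    new, current = new.lower(), current.lower()
    return any(current[i:i + n] in new for i in range(len(current) - n + 1))

def check_password(pw, username, display_name, current=None, custom_words=()):
    """Return the list of rules the candidate password violates."""
    low, reasons = pw.lower(), []
    if not meets_complexity(pw):
        reasons.append("complexity")
    if low in BREACHED:
        reasons.append("breached")
    names = [username, *display_name.split()]
    if any(len(t) >= 3 and t.lower() in low for t in names):
        reasons.append("contains-name")
    if any(w.lower() in low for w in custom_words):
        reasons.append("custom-dictionary")
    if has_run(low):
        reasons.append("consecutive-characters")
    if current and is_incremental(pw, current):
        reasons.append("incremental")
    elif current and shares_portion(pw, current):
        reasons.append("reuses-current")
    return reasons
```

An empty list means the candidate passed every rule; in production the breached-list lookup would run against hashes rather than plaintext strings held in memory.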

Sponsored and written by Specops Software

