In the first few months of 2024, publicly disclosed cyberattacks surged by an eye-watering 96% — and this trend is expected to continue for the foreseeable future [1]. Alongside the rapidly evolving threat landscape, regulatory environments have changed quickly, with a focus on the economic impact of cyber-attacks and on methods to mitigate security risks for consumers and businesses alike.
Notably, in 2023, the SEC adopted new rules requiring companies to disclose cybersecurity incidents. These regulations add new pressure, given the many recent headline ransomware attacks and data breaches that resulted in major fines and legal fees.
In addition to having the right tools and practices in place to prevent and mitigate damage from cyber criminals, many organizations now look to purchase cyber insurance policies and warranties to manage recovery costs and limit liability from successful cyberattacks. Despite the attention on large organizations, small- to medium-sized businesses (SMBs) are equally, if not more, susceptible to cybercrime. Because a cyberattack is both financially destructive and operationally disruptive for a small business, it can quickly lead to closure. Looking forward, both large enterprises and SMBs will need to carefully consider cyber insurance as one option in a holistic strategy for protecting against business losses resulting from a cyber-attack.
While cyber insurance can help cushion the impact of a breach or ransomware attack, insurance carriers expect policyholders to meet them halfway and comply with standards and regulations around cybersecurity posture and tools. One of the tools that carriers regularly require applicants to implement is an Endpoint Detection and Response (EDR) solution. Because of trends like remote work and bring-your-own-device (BYOD), endpoints have become increasingly exposed, and cyber insurance policies often specifically call out the need for adequate endpoint security. In fact, even with a policy in place, insurers can reject claims if an organization’s security posture is determined to be inadequate. Given the pressing need for cyber insurance and diligence in risk mitigation, organizations of any size need to understand why EDR is essential for cyber insurance and how this technology supports compliance with cyber insurance policies.
Understanding the State of the Cyber Insurance Landscape
As the cyber insurance market matures, the focus remains on meeting increasing demand and managing the ever-changing threat landscape and its consequent risk exposures. Some notable trends affecting organizational risk profiles include:
Technological advances in generative artificial intelligence (AI)
Generative AI tools are becoming more advanced and accessible, lowering the barrier for bad actors to create sophisticated attacks. At the same time, organizations must secure their own use of AI to prevent data loss and other vulnerabilities.
Migration to cloud technology/Software-as-a-Service (SaaS) applications
Organizations are increasingly adopting cloud technology and moving from on-premises networks to SaaS applications. This shift can create new challenges for network administrators and expand the organization’s attack surface.
Increasing dependency on the Internet of Things (IoT)
Industrial and corporate technology is increasingly connected. Many of these devices are crucial supply chain components, representing new avenues for threat actors to infiltrate networks if they are not adequately secured.
Geopolitical conflict
Geopolitical tensions have increased the risk of state actors targeting critical infrastructures across verticals. Cyberattacks have become a weapon in conflicts, with persistent and sophisticated attacks expected.
All this to say, the cat and mouse game that has long described the relationship between cybersecurity and threat actors continues to evolve in the face of new, old and pressing threats. In a digitized, interconnected world, cyber insurers play an important role in protecting businesses against significant cyber risks. Cyber insurance providers understand that even though integral parts of the global economy are dependent on digital assets, the levels of risk mitigation and threat protection remain inadequate.
Clearly, cyber insurance needs are reaching a new level of urgency — especially in the SMB space, where 75% of SMBs couldn’t continue operations if hit with ransomware [3]. In today’s cyber insurance landscape, organizations will need to adopt the right tools and services to bolster their cyber risk readiness and maintain the necessary security precautions.
The Role of Endpoint Detection and Response (EDR)
Endpoint Detection and Response (EDR) is a term coined by a Gartner analyst in 2013 for security solutions that continuously monitor and analyze activity on endpoints. Since then, EDR tools have evolved to encompass more and more capabilities: they can proactively analyze threats and their sources, and they can serve as a post-infection tool to investigate attacks that have already occurred.
While antivirus (AV) products were the focus of endpoint security in decades past, AV systems are largely based on static threat signatures and patterns, so they are limited to recognizing known threats present in their databases. As threats have grown more sophisticated, particularly zero-day attacks, they call for different methods of detection. EDR solutions are behavior-based: they actively monitor for and detect both known and unknown threats in real time by flagging suspicious or malicious behavior on the endpoint.
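To make the signature-versus-behavior distinction concrete, here is a small added example (not code from the original article or from any EDR vendor) that runs two detectors over constructed endpoint telemetry: a static hash lookup, and two behavior rules (an office application spawning a shell, and one process renaming many files within a short window). The signature database, process names, thresholds and event records are all made up for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed signature database: SHA-256 hashes of file contents a traditional
# AV already knows. The "encryptor" below is deliberately absent from it.
KNOWN_BAD_HASHES = {hashlib.sha256(b"old-known-malware").hexdigest()}

OFFICE_APPS = {"WINWORD.EXE", "EXCEL.EXE", "OUTLOOK.EXE"}
SHELLS = {"cmd.exe", "powershell.exe"}
MASS_RENAME_THRESHOLD = 5   # renames by one process inside the window
WINDOW_SECONDS = 10

# Constructed endpoint telemetry (not real logs): process starts and file renames.
EVENTS = [
    {"ts": 0, "kind": "process", "pid": 10, "parent": "WINWORD.EXE",
     "image": "cmd.exe", "content": b"cmd"},
    {"ts": 1, "kind": "process", "pid": 11, "parent": "cmd.exe",
     "image": "encryptor.exe", "content": b"never-seen-before-binary"},
] + [
    {"ts": 2 + i, "kind": "rename", "pid": 11, "old": f"doc{i}.docx", "new": f"doc{i}.locked"}
    for i in range(6)
]


def signature_scan(events):
    """Static AV-style check: flag a process only if its file hash is already known."""
    return {e["pid"] for e in events if e["kind"] == "process"
            and hashlib.sha256(e["content"]).hexdigest() in KNOWN_BAD_HASHES}


def behavior_scan(events):
    """EDR-style check: flag processes by what they do, regardless of their hash."""
    alerts = []
    renames = defaultdict(list)          # pid -> timestamps of its rename events
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["kind"] == "process" and e["parent"] in OFFICE_APPS and e["image"] in SHELLS:
            alerts.append((e["pid"], "office-app spawned a shell"))
        elif e["kind"] == "rename":
            ts = renames[e["pid"]]
            ts.append(e["ts"])
            while ts and e["ts"] - ts[0] > WINDOW_SECONDS:   # drop renames outside the window
                ts.pop(0)
            if len(ts) == MASS_RENAME_THRESHOLD:              # fire once, when the threshold is crossed
                alerts.append((e["pid"], "mass file rename (ransomware-like)"))
    return alerts


if __name__ == "__main__":
    print("signature hits:", signature_scan(EVENTS))   # empty set: the binary is unknown
    for pid, reason in behavior_scan(EVENTS):
        print(f"ALERT pid={pid}: {reason}")
```

The unknown binary produces no signature hit at all, while both behavior rules fire; a real EDR agent would additionally attach process lineage and host context to each alert so the security team can triage it.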
The key functionalities of EDR include the following:
- Threat detection and alerting
Detecting unusual activity and suspicious processes on endpoints that may be indicative of the beginnings of a breach. The EDR system will then alert security teams appropriately.
- Threat hunting
Enables security teams to proactively investigate potential malicious attacks and intrusion events by compiling security events across an organization’s endpoints.
- Threat mitigation/isolation
Security teams can use an EDR tool to isolate hosts on a network while they investigate – a key step to prevent lateral spread.
- Incident response
Once a breach or attack has occurred, security teams can use rollback features to recover the state of the endpoint to its pre-infected state. In addition, administrators will often isolate the infected endpoints to prevent threat actors from gaining access to more of the network.
- Incident remediation
After the initial infection is mitigated, security teams will need to reset the endpoints through a series of responsive actions. They may completely wipe an endpoint or reset it to its last known good state before infection.
The many capabilities of an EDR solution for detecting threats and then responding to incidents make it important to both organizations and insurers for risk mitigation and threat defense. With 90% of successful cyberattacks and 70% of data breaches originating at the endpoint, EDR solutions are essential to maintaining security posture.
Why EDR is Fundamental for Qualifying for Cyber Insurance
Adequate endpoint security is so critical that lacking an actively functioning EDR solution often precludes insurance issuance. EDR’s ability to provide post-incident intelligence helps demonstrate that an organization has maintained adequate security posture. Proactive risk management with real-time endpoint visibility allows organizations to swiftly detect and respond to cyber incidents, protecting endpoints and halting breaches quickly.
Insurers are in the business not only of financially insuring their policyholders but also of promoting risk mitigation as a shared responsibility.
When underwriting cyber insurance policies, insurers may consider:
- Industry
- Size/revenue
- Cybersecurity measures and protocols in place
- Compliance with regulatory standards (e.g., GDPR, HIPAA)
- Past cyber incident history
- Geographic scope of operations
- Extent of third-party dependencies
While insurers may consider the above for policies covering mid-market and enterprise-sized organizations, this is not always the case for SMBs, which may be categorized as a risk class of their own with different criteria and considerations.
Regardless of organization size, adopting an EDR solution can positively influence these criteria and potentially reduce insurance premiums. With the rise of remote work and BYOD trends, an EDR solution’s ability to secure both on- and off-network devices is crucial. Increasingly, the cyber insurance industry is also requiring Managed Detection and Response (MDR) services in addition to EDR. MDR is a cybersecurity service that combines technology and human expertise to monitor threats and alerts 24/7, so that networks are protected, alerts are responded to quickly, and the impact of threats is limited. An MDR service obtained through a managed services provider often includes EDR tooling, with both playing critical roles in a robust cyber insurance strategy.