In some ways, this question is a straw man. The immediate assumption is that cyber security (CS) is better than cyber insurance (CI). It's the old "prevention is better than cure" maxim, but given the world that we live in, we need both in our SME protection toolkit.
Unfortunately, there's no cyber security solution that is 100% guaranteed to ward off hackers, so cyber insurance is a necessary precaution. While it's true that certain cyber security measures can help mitigate risk, there have been several notable developments in the CI sector lately.
Firstly, it is no secret that the number of claims in recent years has gone through the roof. It should come as no surprise that premiums have risen significantly, as the two are intrinsically linked.
One report found that cyber insurance has tripled in price in the last three years. Another survey suggested that over 80% of insurers expect prices to continue to rise in the next two years. A few companies have been so severely burned that they have withdrawn from the market entirely, which might be partially to blame for some of the rises.
In addition to price hikes, a second survey suggested another side effect: insurers began demanding significant amounts of evidence from their customers. They wanted pages upon pages of proof, including questionnaires, in some cases accreditations, and greater transparency. One way to crack the transparency issue is to sign up for a service like SecurityScorecard, which monitors an organisation's external footprint and lets it demonstrate accountability to the parties it works alongside, like insurers or customers.
Why is any of this of interest to you? Well, sooner or later, you will probably be asked to gain accreditation under a scheme such as "Cyber Essentials" to get your cyber insurance, and if you haven't gotten ahead of it, you may find that to be a bit of a challenge.
Nitec baseline security is designed with Cyber Essentials in mind, so implementing this is an excellent way to get ahead.
Secondly, gaining Cyber Essentials or Cyber Essentials Plus accreditation is a good way to provide peace of mind that the security Nitec provides is up to a standard accepted by a highly reputable third party. So even if you don't need accreditation for work commitments, it can still be nice to have confidence that you are either Cyber Essentials ready or already have the certification!
Going from not paying much attention to your security to achieving Cyber Essentials can be daunting, but it's best to break up the process over time. For example, if you have three months between renewals of your insurance, that's a good time to work on it. (Of course, you can also attack it more quickly under pressure.)
To illustrate this point, suppose that as you work through Cyber Essentials, you realise that you have a lot of Android phones and tablets that are no longer patched. You can fix this over the longer term rather than fixing it all at once in a few weeks. Or you may find that you have a few machines that need to be replaced and one XP machine attached to a CNC machine. Once again, you can see the need for time to schedule this work with the third party. Two weeks will not cut it; having time allows you to plan the work and budget for it.
If you've gotten to this point in the article and are on the verge of whispering to yourself, "I can't be bothered," you have missed the point. You need to be bothered, as, in all likelihood, you will need insurance—and if you dismiss it out of hand until two weeks before your policy expires, you will be left with the worst of all worlds.
Namely, you'll have to fix everything in a short amount of time, which will cause more problems than it solves. My dad used to say, "If you're wondering how to do a job, get started and wonder how you did it!"
It is worth noting that Nitec is Cyber Essentials certified, so my lecturing to you about keeping your IT safe is not hypocritical.
To get the process kickstarted, call us at 028 9442 7000 or email solutions@nitec.com.