Jarrett Kolthoff | May 13th, 2022

In the United States, small to mid-enterprise businesses (SMEs) account for 99.9% of all employers and, as such, are heavily targeted by threat actors deploying ransomware. SMEs are 490% more likely to experience a security breach today than they were 2 years ago, according to industry research. These statistics are staggering, especially within the context of the current cyber threat landscape (US Small Business Administration).

For many organizations’ operations, ransomware is an existential threat. Momentive’s recent ‘Ransomware Survey’ notes 75% of businesses would not survive more than a week following a ransomware attack. Furthermore, mid-enterprise organizations are the most targeted segment, representing 81% of successful intrusions (CRN). Even enterprise operations face immense challenges, despite larger security budgets, as they have troves of sensitive data carrying a massive price tag on the dark web.

The troubling reality of the cyber landscape highlights the urgent need for all businesses to have robust cybersecurity and effective, affordable cyber insurance. In today’s cyber insurance market, however, coverage is expensive.

At SpearTip, we take pride in partnering with insurance brokers, like John Loftus and the team at Alliant. Together we work to ensure businesses, regardless of their budgets, size, or industry, can afford premier cybersecurity protection and limit cyber insurance increases, so risking their business and its critical data are not perceived as options.

As perceived and actual risks of a cyberattack are high and continuously rising, insurance carriers necessarily charge considerable premiums: in the past 12-18 months, many clients faced increases of over 100%. The ‘global insurance composite pricing change’ rose 54%-94% respectively during that time, per the latest research from a large global broker. According to Loftus, “this unprecedented shift in the cyber insurance marketplace over the past 12-18 months has been primarily driven by the uptick in severity of ransomware claims.” The consequence of this transition is twofold: insurance companies push for substantial increases in pricing and deductibles, and cybersecurity firms engage with companies to make them more operationally resilient against cyberattacks, specifically ransomware.

Hardening cybersecurity for SMEs also presents a budgetary challenge. When faced with such a potentially expensive dilemma, many businesses, assuming they are a low-risk target, take the simplest and most troubling route and hope they avoid becoming a ransomware attack victim. The bottom-line for businesses is they will meet restrictions in coverage—if offered coverage at all— as a consequence of having an immature cybersecurity posture.

SpearTip and our insurance partners respond with a comprehensive approach that assists businesses in hardening their security against ransomware and, in turn, qualifying for more effective, affordable insurance. We start with proactive engagements enabling businesses to learn and work toward what they need to be better protected. These proactive risk assessments, including ransomware assessment, penetration testing, security architecture reviews, and tabletop exercises, validate for our insurance partners that clients are either effectively situated in their security program or maintain significant gaps increasing their overall risk profile. Our assessments are accompanied by comprehensive remediation steps to move all businesses toward insurability.

Some specific steps we help businesses put in place include a written and tested incident response plan (with immediate access to our industry-leading rapid incident response team), implementation of internal safeguards like MFA or anti-phishing protection, and more robust measures like an extended endpoint detection and response platform with ongoing security monitoring. Without these measures, SMEs drastically limit their ability to secure competitive insurance options in the marketplace.

Our ShadowSpear Platform—Identify : Neutralize : Counter—supported by a team of experienced engineers working within our 24/7, US-based Security Operations Center (SOC), provides a comprehensive solution for business partners seeking to harden themselves against ransomware. Engaging in continuous cyber threat hunting while also empowering our team to remediate active threats within partner environments in real time tremendously reduces attack surface, thus diminishing the opportunity for threat actors to deploy ransomware.

Without the proper protections in place, many cyber insurance companies are increasingly unwilling to provide coverage to businesses. “From their vantage point, until businesses address certain vulnerabilities, they are not willing to offer their insurance capital because the likelihood of getting hit with a number of large losses far exceed the premiums charged for the coverage.” Over the past few years, many cyber insurers have lived through this exact scenario where their combined loss ratios exceeded 100%—hence losing money.

While there is no shortage of challenging news businesses regarding the threat and insurance landscapes, it’s necessary to remember there are meaningful solutions available if you have the proper partners. SpearTip will continue to lead the way as the industry standard in cybersecurity during all aspects of the cybersecurity maturity model. Our partnerships with insurance providers will continue to decrease costs and increase our business partners’ ability to run their operations without fear of becoming another statistic.

“Given their comprehensive approach to cybersecurity,” Loftus asserts, “SpearTip is a game-changer for our clients. They enable clients to quickly identify any concerning vulnerabilities and remediate them in real time. Consequently, we know our clients have the right protections in place, which also enables our team to negotiate more favorable on pricing, deductibles, and coverage with the cyber insurers.”