The New Cyber Insurance Requirements: What to Know & How to Comply

As cyberattacks increase in volume and intensity, organizations rely on the peace of mind provided by cyber insurance. In the case of a successful breach or ransomware attack, the right policy means liability will be limited and losses contained.

But skyrocketing claims in 2020 led insurance companies to drastically rework the criteria for acquiring or renewing cyber insurance. Today, companies face a completely changed landscape, with organizations required to demonstrate the ability to fend off ransomware attacks via a wide array of security controls.

For example, underwriters now require specific identity security measures to be in place. These include the ability to enforce multifactor authentication (MFA) across internal and external admin access within the environment, and to monitor and protect all privileged accounts in order to prevent the lateral movement that threat actors use to spread ransomware in the targeted environment. The challenge here is that there is no MFA solution that can protect the command-line access tools attackers utilize to launch this lateral movement. Furthermore, there is no built-in utility for the protection of highly privileged machine-to-machine service accounts that attackers typically compromise.

As the rate of ransomware attacks soars – up 71% in the past year and fueled by the billions of stolen credentials available on the dark web – threat actors increasingly make use of lateral movement to successfully spread payloads across an entire environment at once. Major companies including Apple, Accenture, Nvidia, Uber, Toyota, and Colonial Pipeline have all been victims of recent high-profile attacks resulting from blind spots in identity protection. This is why underwriters have put stringent measures in place that companies must meet before being eligible for a policy. The new requirements have come as a surprise to many organizations, which find themselves struggling both to understand the technical details and to find the right solutions to qualify for a policy. Fortunately, there is a way for companies to address even the most challenging requirements via an approach that is straightforward and lightweight.

The Silverfort Identity Security platform uses an innovative architecture – one that requires no modifications to the existing environment or code changes – to address the new cyber insurance requirements in an easy-to-implement solution. In this eBook, we examine these requirements in depth, discuss the challenges of each, and explain how Silverfort enables you to comply.

Can you Afford the Risk of not Having Cyber Insurance?
