Does Pentesting Actually Save You Money On Cyber Insurance Premiums?
Michael Yehoshua
Cybersecurity Thought Leader, Keynote Speaker & Heavy Metal Enthusiast - 2X Exits
Way back in the cyber dark ages of the early 1990s, as many households were buying their first candy-colored Macintoshes and using them to play Oregon Trail and visit AOL chat rooms (guilty as charged), many businesses started venturing into the digital realm as well by giving employees access to new digital tools like email, FTP file sharing, and early SaaS products.
Organizations quickly learned that the burgeoning reliance on digital technology brought with it a new breed of risks. Early cyber threat techniques such as phishing, social engineering, viral worms and unauthorized network access could put confidential corporate information at serious risk and lead to loss of productivity and revenue.
The Rise of Cyber Insurance
Enter cyber insurance. The late 1990s witnessed the emergence of cyber security as a distinct insurance category. Starting in approximately 1997, insurers, including Lloyd's of London, began constructing new policies to cover business losses resulting from unauthorized access, data theft, productivity losses and other fallout from cyber events.
As the market for this new insurance rapidly expanded in the early 2000s, new insurers began to enter the market and the cost of premiums fell. 2018, however, marked a global turning point in demand and a sharp rise in the cost of cyber insurance. The introduction of the General Data Protection Regulation (GDPR), along with several very high-profile cyber breaches including British Airways and Marriott Hotels, led many organizations to acquire cyber insurance, and premiums soon began to skyrocket.
Now in 2023, cyber attacks, data theft, ransomware and other breaches are a pervasive problem across business sectors including healthcare, manufacturing, and finance. Experts calculated the global average cost of a data breach at 4.45 million USD, and 9.48 million dollars in the U.S., in 2023. That rise has prompted a surge in cyber insurance rates of up to 100% year-over-year, according to Lloyd's of London.
Pentesting as a Cost-Saving Measure
In the face of these escalating premiums, businesses, especially smaller ones, grapple with a conundrum: pay the higher premiums at the expense of investing the money into other areas of your business, or forego cyber insurance and risk the huge cost of an uninsured cyber breach.
This is where penetration testing, or pentesting, steps in. Just as driving a well-maintained car and demonstrating that you are a safe driver can lead to lower car insurance premiums, proof that your organization’s digital assets and infrastructure have undergone pentesting, and that you have taken steps to remediate any issues it discovered, demonstrates that your organization is less likely to be successfully targeted by cybercriminals and is therefore a lower cyber risk. Conducting routine, high-quality pentesting will make your company a better cyber risk and lead to lower premiums.
The Advantages Of Pentesting
There are several ways that pentesting makes your organization a better cyber security risk, and thus a candidate for lower cyber insurance rates.
While proof of pentesting can be a positive factor in your favor, it’s important to note that premiums are calculated based on a comprehensive assessment of various factors, including the organization’s industry, size, cybersecurity policies, and historical cyber incidents. Additionally, the insurance market is dynamic, and practices may vary among insurers.
And Don’t Forget Red Team Testing Too!
Closely related to penetration testing is the more assertive approach of red team testing. While both assessments aim to fortify cybersecurity defenses, a red team takes a more aggressive stance, simulating sophisticated attacks to evaluate an organization’s resilience comprehensively. The value of red teaming lies in its ability to unearth vulnerabilities that might go unnoticed in traditional pentesting scenarios, providing a more rigorous evaluation of an organization’s security posture. To delve deeper into the benefits of red team testing, explore our comprehensive white paper, “Our Red Team Penetrated an ‘Impenetrable’ Fortune 500 Company.”
Pentesting as a Strategic Financial Decision
Pentesting isn’t merely a security measure; it’s a strategic financial decision. While primarily the realm of CISOs and their security teams, savvy companies recognize its broader financial impact. As cyber threats evolve, pentesting remains a vital tool in mitigating risks, securing financial stability, and ensuring cyber insurance affordability. Furthermore, it serves as a proactive step that can directly influence cyber insurance premiums, showcasing a commitment to risk management and enhancing an organization’s overall insurability.
Originally published here: https://holisticyber.com/blog/pentesting-save-you-money-on-insurance/
Founder @ Pink Media | Digital Marketing
11 months ago
Michael, thanks for sharing!