As cyber threats continue to evolve and increase in frequency, New Zealand businesses are increasingly turning to cyber insurance to mitigate their risks. Here's what Kiwi organisations need to know about cyber insurance and how to potentially reduce their premiums:
What is Cyber Insurance?
Cyber insurance, also known as cyber liability insurance, is a contract that businesses can purchase to reduce risks associated with online operations. It covers an organisation's liability for data breaches and other cyber security incidents.
Why is it Important for NZ Businesses?
According to the National Cyber Security Centre's 2022-2023 Cyber Threat Report, New Zealand experienced record-high levels of financially motivated cyber activity. With the growing sophistication of cyber attacks, even small and medium-sized enterprises (SMEs) are at risk.
What Does Cyber Insurance Cover?
- Typical coverage may include:
- Data breach costs
- Business interruption losses
- Cyber extortion expenses
- Legal fees and damages
- Public relations expenses
Challenges in Obtaining Cyber Insurance
The cyber insurance market in New Zealand is facing significant challenges:
- Insurers are implementing more detailed assessments of IT systems
- Some insurers have reduced coverage limits or withdrawn cover altogether
- Large firms (revenue over NZD100 million) face particular scrutiny
How to Potentially Lower Your Cyber Insurance Premiums
1. Implement Strong Security Measures: Adopt the Essential Eight framework recommended by the New Zealand government.
2. Use Modern Multi-Factor Authentication (MFA): Implement phishing-resistant MFA across your organisation.
3. Adopt a Zero Trust Architecture: This approach can present your cyber insurance application more favourably.
4. Provide Cybersecurity Awareness Training: Regular training for employees can keep staff vigilant to common cyber threats.
5. Conduct Regular Penetration Testing: This demonstrates a proactive approach to identifying and addressing vulnerabilities.
6. Implement Robust Data Backup and Recovery Systems: Having reliable backups can reduce the impact of potential breaches.
7. Stay Compliant with Regulations: Ensure your organisation meets relevant data protection and privacy standards.
Remember, while cyber insurance is an important tool for risk management, it should be part of a broader cybersecurity strategy that includes robust technical controls, employee training, and incident response planning.