Companies using a managed detection and response (MDR) provider cut their average response time to a cyber incident by half and saw a proportional – and dramatic – reduction, according to an analysis of insurance claims data. the impact of each accident. At least one cyber insurance company is considering offering discounts on policy premiums based on the type of technology the organization has in its environment.
According to cyber insurance firm Coalition, by adding the skilled skills of cybersecurity professionals to leading endpoint detection and response (EDR) platforms, companies have had fewer incidents, and the incidents they have had have been less severe. Based on the analysis, the company offers cyber insurance premium credits for its policyholders depending on whether they have implemented MDR and which one, says Tiago Henriques, vice president of research for Coalition.
“What we see from our data is that there are a number of key security controls that actually move the needle,” says Henriques. “We will try to focus our policyholders on spending their money on things that really matter: no more buying flashing lights just for the sake of buying flashing lights, spending your money on things that actually improve your safety.”
Unmanaged endpoint detection and response platforms, however, don’t deserve the discount, he says.
THE cyber insurance company results they are not surprising. Because cybersecurity and incident response experts regularly deal with security events, managed detection and response (MDR) services save customers significant time, reducing the cost of incident response and saving time for security professionals. cybersecurity, says Jeff Pollard, vice president and principal analyst at business intelligence firm Forrester Research.
According to the survey, the average customer tends to save 33 hours per incident to identify the actual malicious activity, 16 hours to investigate and determine its severity, and 16 hours to perform root cause analysis. Forrester survey data.
“Because these companies do nothing but provide MDR, they focus on building better integrations, increasing accuracy, and creating more automation,” Pollard says. “These are all things that the average SOC analyst within a company barely has time to do because they are so spread out.”
Data collection on company risks
Managed detection and response platforms are not the only ones recommended by cyber insurance providers. Last year, Coalition found that organizations using Google Workspace had only a 43% rate of financial transaction fraud (FTF) claims compared to companies using Microsoft Office 365, while insurance firm At-Bay found that companies using Microsoft 365 had double down on Google Workspace claims.
Insecure email systems are a major source of insurance claims, with business email compromise accounting for 26% of Coalition’s cyber claims and general email accounting for 41% of claims compensation from At-Bay. the companies said.
The Coalition plans to continue analyzing its numbers to determine what other technologies could lower claim rates, says the Coalition’s Henriques.
“We want to choose the best technologies that have the most positive impact for our customers, because that’s our incentive,” he says. “That’s right, we have a financial incentive for our customers not to get hacked, and if they do, the severity of the event is reduced.”
In its 2024 Cyber Threat Index released on February 21, the company also found that more than 10,000 companies are running instances of Microsoft SQL Server 2000, an end-of-life product reachable from the Internet. Additionally, Coalition will not insure companies with open ports for the Remote Desktop Protocol (RDP), due to the ease with which it can typically be compromised. Open door scanning increased 59% in 2023, the company said.
Insurance companies as cybersecurity auditors?
Overall, the data-centric approach to insurance pursued by insurtech companies like Coalition could lead to the collection of more accurate data on which cybersecurity products work and which don’t. Policy savings could put cyber insurance companies on the path to recommending specific solutions to businesses that lead to fewer – and smaller – claims.
To some extent, this discussion is already underway, says the Coalition’s Henriques.
“Our clients come to us at the end of the day and say, ‘I have X amount of budget to spend on InfoSec next year, what technology should I choose for backup, … who should do EDR?’ do MDR?” he says. “And if you work with a modern insurtech that uses data familiar with cybersecurity services, yes, you should contact your cyber insurance provider and ask for this advice.”
However, more secure technologies may not be worth the policy savings, says Forrester’s Pollard. While everything will eventually become a service, because the skills to operate and maintain the technology are not widely distributed, whether they make sense for a specific business depends on the economic situation, he says.
Ultimately, companies may have to accept higher premiums for their particular IT environment, or you may not be able to get any insurance.
“I don’t think cyber insurers will lead to better products, but we have predicted that they will become less willing to insure unreliable or problematic cybersecurity products that have numerous issues or vulnerabilities,” he says.