The relationship between cybersecurity and the cyber insurance industry was on full display at Black Hat USA 2024, highlighting how cyber insurance can serve as both a safety net and a catalyst for advancing security practices and standards.
During a dedicated afternoon session at the event, cyber insurers shared their insights on cybersecurity, the evolving threat landscape, and the implications for organizational security. The presentations shed light on the changing landscape of cyber risk insurance, emphasizing the shift from human-based underwriting to machine-augmented, continuous monitoring of digital inputs.
One notable statistic shared at the event was from Coalition, a specialized cyber insurer, which claimed to have helped insured policy holders resolve 74,000 vulnerabilities, leading to a 64% reduction in claims. This proactive approach to vulnerability management is crucial in an environment where the time to exploit a vulnerability can be as short as 22 minutes after disclosure.
By leveraging data from pre-insurance questionnaires and scanning, insurers gain unique insights into a company’s cybersecurity posture, enabling them to identify potential vulnerabilities and provide targeted recommendations for improvement. This data-driven approach also allows insurers to understand the specific details of a cyberattack, including the method of entry used by cybercriminals.
The presentations also highlighted changes in attack vectors over the past year, with phishing remaining a significant threat alongside attacks exploiting Remote Desktop Protocol (RDP) and virtual private networks (VPNs) without multi-factor authentication (MFA). The importance of MFA was emphasized as a simple yet effective security measure that can significantly enhance an organization’s defense against cyber threats.
One intriguing trend discussed at the event was a decline in the number of companies paying extortion demands in ransomware attacks. This shift underscores a growing awareness of the risks associated with ransom payments and the importance of exploring alternative strategies for mitigating cyber threats.
Overall, the insights shared at Black Hat USA 2024 underscored the evolving role of cyber insurance in shaping cybersecurity strategies and driving improvements in security practices. By combining cyber risk insurance with advanced cybersecurity solutions, organizations can enhance their resilience against cyber threats and improve their chances of surviving a cyberattack.