Apr 27 2022

How to Keep Down Higher Ed Cyber Insurance Premiums

Regularly testing cybersecurity systems and maintaining compliance with government privacy regulations can help institutions control costs.

Once upon a time, cyber insurance companies were likely to insure almost any organization, regardless of its existing cybersecurity protocols. Now, it’s much more difficult for colleges and universities to get coverage.

Despite heightened concern about cybersecurity breaches due to ransomware, malware and phishing, many higher ed institutions are not properly equipped to respond to cyberthreats. And as security breaches continue to increase, colleges are paying more for insurance — when they can get coverage at all. Insurers are becoming increasingly selective about who they cover, causing some education customers to be denied insurance altogether.

With cybersecurity risk higher than ever before, insurance premiums are climbing too. According to Gallagher Risk Management, premiums will be up to 300 percent higher for organizations without proper security controls in place. So, if you want to keep your school’s premiums down, you’ll need to ensure its cybersecurity systems are in good working order — on paper and in practice.

DISCOVER: How to design a security architecture.

Test Your Cybersecurity Systems Regularly

In sports, varying defense measures are needed to combat varying offensive attacks. The same is true when it comes to cyberattacks, meaning that it is extremely important to test your cybersecurity systems.

Penetration testing is a great starting point. By simulating a cyberattack against your computer system, penetration testing helps reveal exploitable vulnerabilities among application systems. If your systems successfully defend against the attack, you pass the test. If not, you can then diagnose your system’s shortcomings and evaluate and implement solutions that will enhance your web application firewall security.

Click the banner below for exclusive content about cybersecurity in higher ed.

Testing your zero-trust architecture is also important. Even when cyberattacks are successful, a zero-trust approach reduces the average cost of a breach by $1.76 million; this can affect your premium.

Universitywide multifactor authentication testing is a key part of this. The zero-trust model works under the notion that it’s safest to operate without trusting anyone. Since careless and otherwise untrained insiders are the largest source of security threats at educational institutions — larger even than the general hacking community — it’s urgent to protect yourself against user negligence. The last thing you want is to be breached because a student lost a smartphone or an employee forgot to log out of the university system.

It’s important to test and evaluate all of your cybersecurity systems just as you would in preparation for a cybersecurity audit. The more your insurer trusts your cybersecurity infrastructure, the more likely you are to pay a lower premium, especially if you’re aligned with all government regulations.

FIND OUT: How McAFEE MVISION Unified Cloud Edge stands ready to enhance your security.

Maintain Consistent Compliance with Government Privacy Regulations

Biometric authentication through a fingerprint or a retinal scan might seem like a fantastic security measure. But such authentication practices can also get you into trouble if you don’t abide by continuously evolving security regulations.

Biometric privacy regulations will vary depending on where you’re located. For example, Texas’s biometric legislation does not permit “capture of biometric identifiers” without prior consent, and the California Consumer Privacy Act considers biometric data “personal information” and regulates it as such. Knowing these privacy regulations and maintaining consistent compliance with them is crucial to avoiding biometrics-related class-action lawsuits.

When it comes to insurance, meeting current and forthcoming privacy regulations can go a long way toward lowering your premium. These government regulations exist because the government wants to ensure that your school is protected. Abiding by the rules shows you’re committed to keeping students and faculty safe — and that’s what cyber insurers want to see.

RELATED: The difference between security, privacy and confidentiality.

gorodenkoff/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.