Cyber insurance rates for universities are astronomical--here’s what institutions can do to manage it and gain network security.

3 ways to manage your institution’s cyber insurance

Cyber insurance rates for universities are astronomical--here’s what institutions can do to manage it

For a service designed to give consumers peace of mind, cyber insurance has become a convoluted and contentious subject. The skyrocketing rates of cyberattacks necessitate a parallel increase in cyber insurance costs. Paradoxically, this trend is forcing many higher education institutions to abandon their insurance plans just when they need coverage most. 

A Perfect Storm

The abrupt, sweeping shift to telework in 2020 cast a harsh light on cybersecurity vulnerabilities throughout the nation’s higher education institutions. The education sector now suffers the overwhelming majority of malware encounters when compared to the financial and corporate sectors. Alarmingly, the increase in ransomware attacks against higher education institutions in the first year of the pandemic was so significant that the FBI’s Cyber Division released an advisory on the subject in March 2021.

Another contributing factor to this increase is that cybercrime has become relatively easy to perpetrate with modern technology. The tools and skills necessary to implement a ransomware attack are so rudimentary that some malicious actors cannot even retrieve the data they have stolen once a victim forks over the ransom. Of course, there is no refund policy for cyber-attacks, and therefore the victim is left without data or money, and the information they paid top dollar to get back is floating around in cyber-space.

Higher education institutions are a perfect target for cyber criminals given the confidential, groundbreaking research they conduct, and the minimal safeguards in place to defend that valuable information.

Moreover, the collaborative nature of universities promotes information sharing, whereas the access restrictions of security strategies like zero trust can create friction in the information sharing process.

Steps Institutions Can Take Now

Certain best-practice recommendations have become requirements for institutions interested in obtaining or maintaining their cyber insurance.

Recent attacks against the likes of Howard University, University of California San Francisco, University of Massachusetts Lowell, and many more have shown that with or without cyber insurance, changes to current security protocols must be made, and hastily. 

1. One substantial change universities and colleges can implement to defend themselves is to limit the number of users in their network with administrative rights. Bad actors often seek to obtain credentials through phishing or malware schemes to gain entry to a network and the data within it, and since privileged credentials can access the most data, they are the most valuable.

eSchool Media Contributors
Latest posts by eSchool Media Contributors (see all)