Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Cyber insurers are starting to require lateral movement defense. Here’s why

By John Anthony Smith
insurance-freepik1170x658v47.jpg

Image by Freepik

June 23, 2022

We often define the risks of cyber threats with huge numbers, like the $4.62 million average payment after a ransomware breach or the 623.3 million ransomware events in 2021, by one report’s estimate, which it said was a 105% increase over 2020. Those big figures aren’t the only consequence of lax security.


Cyber insurers are ready to drop coverage and stop writing new policies if companies don’t up their security game. 


We have already seen insurers halve the amount of cyber coverage they provide to customers as a result of big ransom payouts. According to the most recent report on cyber insurance by the National Association of Insurance Commissioners, the loss ratio for the top 20 insurance groups in 2020 averaged 66.9%, up from 44.6% in 2019. 


As a result of their big losses, insurers are raising premiums and starting to require customers to defend against lateral movement — when an attacker breaches a network, then uses privileged credentials to propagate — with tools like multi-factor authentication (MFA) on internal assets and endpoint detection and response (EDR).  


EDR is only part of the solution — it is the minimum requirement. Most companies don’t know they need lateral movement defenses or how they might be tied to their insurance coverage; many believe having EDR and MFA is enough. If organizations want to purchase or keep cyber insurance, here’s what security leaders should know and put in place.


How threat actors move laterally

Lateral movement is involved in just about every security breach. Threat actors land on an endpoint, harvest the most privileged credentials and leverage them to move throughout the environment, hopping from servers to storage infrastructure and finding whatever sensitive data they can. 


PrintNightmare, the Microsoft print spooler remote code execution vulnerability, is one example. As the Cybersecurity and Infrastructure Security Agency (CISA) explained in an advisory, Russian state-sponsored hackers exploited the vulnerability and a misconfigured account with default MFA settings to breach a non-government organization.  


Threat actors are also harvesting privileged credentials through password caches that live on endpoints. Very few companies are limiting endpoints’ password caches, giving attackers an easy means to collect sensitive credentials. Once attackers access the endpoint, they crack those caches and start logging into servers and moving wherever they’d like. 


Cyber insurance carriers are now requiring customers to have MFA not just on network ingress points, but also to access critical assets internally. If organizations have proper lateral movement defense, zero day vulnerability risks will be limited in their ability to allow threat actors to move laterally because any authentication event to gain administrative control will prompt an MFA challenge even though they’re already inside the network.


How companies can fight back

There are two ways to satisfy the requirements that insurance carriers are starting to make, but organizations and their security teams should be doing both. 


The first is to deploy MFA not just on endpoints or remote desktop protocol (RDP) but also on other applications like PowerShell, Microsoft Management Console, universal naming convention paths, and Windows Remote Registry. Essentially, anything that can remotely control a server needs to have MFA applied.


A second way to limit lateral movement is the concept of “jumping,” which is also referred to as jump box, jump host, or jump server. In this scenario, organizations can configure servers, storage, switches, routers, and firewalls to only be administered from specific IP addresses. But it’s not enough to just have a jumping platform; it needs to be supplemented with a privileged access management (PAM) tool and a password vault. 


Those vaults would then change passwords regularly, so all highly privileged accounts are continuously updated. That way, if the IT admin needs to log in, the tool actually injects the passwords into the remote access connections, so the admin never has to know what the privileged passwords are.


A new marketplace for cyber insurance

Requiring extra controls is just one part of cyber insurers’ attempts to limit their own risk as demand for coverage continues its steady hike. 


Last November, Lloyd’s Market Association’s (LMA) Cyber Business Panel drafted four policy exclusion clauses that broadened the definitions of War, Cyber War, and Cyber Operation. Merck was recently awarded $1.4 billion in a legal dispute with its insurer over whether being hit with a NotPetya attack was an act of war. Ransomware payments are rising, and insurers are looking for financial relief. 


All this has changed the marketplace for insurance and how companies get coverage. 


In the private sector, it’s usually the chief financial officer, chief of risk, or general counsel that makes the determination on cyber insurance. In government, it’s typically the general counsel, prosecutor’s office, or county/city’s legal office. None of those titles are synonymous with IT practices or security principles. Often, the right questions are not asked when talking with insurance carriers, as those managing the policies don’t fully understand the risks until they get an assessment from a cybersecurity professional.


Business leadership — including risk managers, general counsel and executives — should require, at minimum, an annual technical control assessment to regularly present the risks at play within their associated organizations.

KEYWORDS: cyber security insurance risk management security vulnerabilities

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Jas1

John Anthony Smith is CEO of Conversant Group.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

patient at healthcare reception desk

Almost Half of Healthcare Breaches Involved Microsoft 365

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • security-network-protection-freepik1170x658.jpg

    Protecting the enterprise from lateral movement attacks

    See More
  • healthcare 3 responsive default

    Health agencies are gathering data to combat COVID-19: Here’s why that might be a problem and what to do about it

    See More
  • 5 mins with Wade Lance

    5 minutes with Wade Lance - Ransomware and lateral movement

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing