{"id":59751,"date":"2022-03-01T11:00:00","date_gmt":"2022-03-01T16:00:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=59751"},"modified":"2023-08-30T08:55:22","modified_gmt":"2023-08-30T12:55:22","slug":"legacy-servers-are-a-cyber-insurance-preexisting-condition","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/legacy-servers-are-a-cyber-insurance-preexisting-condition","title":{"rendered":"Legacy Servers Are a Cyber Insurance Pre-existing Condition"},"content":{"rendered":"\n

Ransomware is a multi-billion dollar<\/a> a year racket and attacks against small and medium-sized enterprises (SMEs) are on the rise<\/a>, costing companies between $25,600 to $200,000<\/a> on average. The insurance industry is stepping in with cyber insurance policies<\/a> tailored to help SMEs recover; but, as with any plan, there\u2019s an underwriting process to avoid adverse selection. Insurance companies aren\u2019t in business to just give money away and don\u2019t want too many \u201csick\u201d clients.<\/p>\n\n\n\n

Insurers determine whether an SME is worth the risk by assessing where there are sufficient security controls and patching strategies in place. They\u2019ve recently keyed in on several high-profile software vulnerabilities related to Microsoft Exchange Server, for example. Exchange\u2019s presence, and the absence of critical security updates for it, are being used as criteria to refuse coverage<\/a>.<\/p>\n\n\n\n

The assessment of risk doesn\u2019t begin or end with Exchange. A client asked me to help her fill out an application for cyber insurance that services the legal industry and questions ranged from the usage of technical controls such as multi-factor authentication (MFA)<\/a> and email security to least privilege computing. However, several legacy products and solutions were also explicitly called out:<\/p>\n\n\n\n