Agile Underwriting Services is warning organisations that basic cyber security measures are no longer sufficient to protect against cyber crime as ransomware is now sophisticated enough to bypass minimal security.

Hackers, spammers, bots and malware – including ransomware – all threaten digital information and Agile, which offers a range of cyber insurance policies, has produced a new white paper to help brokers understand the issues and outline them to their clients.

It recommends making use of advanced endpoint protection (AEP) to better protect data.

“Diligent, iterative risk management is the key means by which organisations, large and small, can keep the threat at bay,” Head of Cyber and Emerging Risks James Crowther said.

“You can never protect against everything, but the more secure you are, the better your chances of recovery if disaster strikes.”

Traditional, reactive endpoint security tools, such as firewalls and anti-virus software, depend on known threat information to detect attacks, Mr Crowther says, while AEP uses proactive technologies, such as machine learning and behavioural analysis, to identify potential new or complex threats.

AEP can isolate and shut down threats quickly and prevent them moving to another device on the network.

“AEP is a critical element of IT security because any endpoint – whether a desktop PC, a printer, or an industrial control – is a potential gateway into a network,” Mr Crowther said.

Agile says all organisations should implement four key factors: continuous cyber awareness training for employees, multi-factor authentication, sophisticated data back-up procedures and advanced endpoint protection.

An explosion in offsite working has prompted an increase in due diligence for underwriting cyber risks and Mr Crowther says it is likely underwriters will soon make resilience training mandatory for obtaining cyber risk insurance policies.

Multi-factor authentication is one of the most effective ways to protect against unauthorised access to information and accounts, requiring two or more proofs of identity before granting network access.

Agile conducts deep-dive audits into clients’ business operations to identify areas of vulnerability and suggest remediation, including a range of back-up options to ensure business continuity if a main network is compromised.

“In high-risk areas, we take a mature approach to eliminating 90% of the risk and developing a premium for the 10% that remains potentially vulnerable,” Mr Crowther said.