IT Support Indianapolis 317-497-5500
IT Support Raleigh 919-890-8088
IT Support Atlanta 678-263-4770
IT Support Fairfax 703-344-7760
Request a Quote
OCT 12
Neglected Software Vulnerabilities and Their Costs

Neglected Software Vulnerabilities and Their Costs

October 12, 2023
Cyber insurance is essential for the internet-connected business. Yet, when was the last time you reviewed your policy? You may find new text outlining coverage for neglected software vulnerabilities. You may not even know what that involves. This article explains these vulnerabilities and how to avoid their associated costs.rnrnCyber insurance typically helps cover the costs associated with the following common risks:rn
    rn
  • network security failure;
    • rn
  • class action litigation;
    • rn
  • regulatory fines related to violating standards or privacy legislation;
    • rn
  • business interruption.
    • rn
rnStill, cyber threats always evolve. As a result, insurance companies continually rewrite their policies to cover risk areas. More insurers are adding neglected software vulnerabilities to their policies. Here’s what that means for your business.rn

What is a neglected software vulnerability?

rnKeeping your software current is an important best practice. It’s your responsibility to check for vulnerabilities and protect your systems. The National Vulnerability Database (NVD) informs businesses globally of known threats and patches available.rnrnPatching the vulnerability helps prevent business losses, yet you may not be able to do so right away. You may need to test the update’s compatibility and capacity before installing it.rnrnStill, once the NVD publishes a vulnerability and its patch, many insurers give you 45 days. If you fail to address a known threat, that's considered neglect. The longer you neglect that vulnerability, the more responsibility you’ll bear.rn

The costs of a neglected software vulnerability

rnSoftware vulnerabilities can lead to network failure, business interruption, and liability. You could end up needing to cover:rn
    rn
  • IT forensics;
    • rn
  • data restoration;
    • rn
  • legal expenses;
    • rn
  • lost profit;
    • rn
  • credit monitoring and identity restoration;
    • rn
  • expenses for implementing workarounds.
    • rn
rnYet insurers cover neglected software vulnerabilities on a sliding scale. Once you know about a vulnerability, you're expected to patch it. So, the longer you wait, the more you'll pay.rnrnChubb, for example, shifts more risk to their policyholders after 46, 91, 181, and 366 days. The limit of insurance covered might start at $1,000,000 with zero percent coinsurance costs. For neglected exploits 46–90 days old, the coverage falls to $500,000, and coinsurance increases to five percent.rn

Addressing software vulnerabilities

rnCybercriminals continue to exploit publicly known vulnerabilities. Why? Because organizations continue to neglect patching and upgrading against known security risks.rnrnYour attack surface grows when your business adds applications, merges with another organization, or allows employees to bring their own devices to work. Using legacy software that has reached it’s end of life can also leave you vulnerable.rnrnScanning your software for vulnerabilities could expose many risks. You may need to prioritize which to patch first. It can help to consider which ones pose the greatest risk to your mission-critical systems.rnrnLack the expertise to detect and mitigate vulnerabilities? A managed service provider can help keep your software up to date to prevent exploitation. Contact us here or give us a call at 317-497-5500 today!rnrn