Business insurance is fairly mainstream for most organizations these days, but cyber insurance is a newer concept. If you are interested in learning more about protecting your business from cyber attack, cyber crime or data breaches, this blog will teach you more about cyber insurance coverage.
The guidance outlined below is sourced from the National Cyber Security Center (NCSC). It provides seven key cybersecurity questions for companies, in order to assist business owners to make informed decisions around cyber insurance. The questions come directly from the agency, the comments are from the experts at Alliance IT.
- What existing cybersecurity defenses do you already have in place? At this point, every company should have firewalls in place on their networks, anti-virus software installed on each of the company devices (don’t forget mobile devices which leave the company location), and some form of monitoring to protect you should an event occur. Many people have chosen to outsource all or part of their network to managed services companies which will assist in setting up your onsite network, as well as taking over responsibility for monitoring and protecting your data in real time.
- How do you bring expertise together to assess a policy? While many organizations leave these types of decisions to the IT team, in reality all of your executive and managers should understand the need for cyber insurance. From the CEO, to the legal team, and the head of customer service – everyone has a stake in understanding how cyber crime can affect their business sector, as well as the company as a whole. Obtaining budget is easier when everyone understands the risks and the benefits of coverage.
- Do you fully understand the potential impacts of a cyber-incident? Again, everyone invested in the company should hear the statistics – of potential money lost, legal vulnerabilities, lost business now and in the future. Once the true effects of cyber crime in 2020 are understood, team members will be more motivated to act in order to protect the company on all levels.
- What does the cyber insurance policy cover? Typically, cyber insurance will provide coverage for financial losses that result from data breaches and other cyber crimes. The coverage generally pays the costs your firm directly incurs as result of the event, such as the expense of informing your customers about a hacker attack; as well as costs for recovery and retrieval. There may also be provisions to cover claims against your firm by people or companies that have been injured as a result of your actions or failure to act.
While experts concede that not everyone needs cyber insurance, the exercise of assessing the current state of cyber-preparedness is positive for any organization. The assessment should provide a more comprehensive understanding of
- Steps that need to be taken from a risk management point of view
- Who needs to be involved from the company side; ultimately cyber is an enterprise risk
- Roles and benefits of insurance broker or agents
- Overall information needed by insurers to be able to properly determine and cover risk
Experts Say: “Cyber-risk is a growing concern for organizations around the world, as data breaches make headlines with increasing frequency and the resulting financial and reputational costs mount. Risk management as an effective way of addressing these concerns is absolutely key for all organizations during these times of pandemic and recession. Increasingly we have seen companies turning to insurance as a means of mitigating costs associated with breaches and the rise in ransomware amongst other threats has pushed many boards into considering cyber insurance. However, insurance is no excuse for poor security and focus should first be on ensuring a robust security posture that reflects the needs of the organization before rushing headlong into taking out insurance as a means of mitigating risk.” Steve Durbin, managing director of the Information Security Forum
Experts recommend that companies implement a robust, scalable and repeatable process to take on information risk, and securing an insurance policy may be your organization’s next step. If you need professional guidance, call Alliance IT. We are here to help Sarasota area businesses sort through it all.
