Answering these cybersecurity questions correctly will lower your insurance rate and make your business more secure
-
-
-
-
-
-
- Do you have a formal Cybersec policy for all employees and is it enforced?
- Is multifactor authentication enforced companywide?
- Do you have a formal Disaster Recovery Plan?
- Who has elevated permission or Administrator access to the system?
- How are passwords safeguarded?
- Are you running a company-wide advanced threat detection and protection, and can you prove this?
- Do you have formal Cybersecurity training for employees?
- What kind of a firewall is your business using?
- Is there 2FA or MFA on your VPN connection?
- What is your BYOD policy and how do you keep your systems protected from these devices?
-
-
-
-
-
Cybersecurity Insurance has come a long way since it first popped on the scene for large enterprises in the 90’s. These days, this type of liability coverage can cover virtually anything related to a data breach, from fixing malware issues and dealing with compromised accounts, to remediating any costs incurred. As an small to medium size business owner, you’d be wise to consider cybersecurity insurance, especially if your business collects or holds consumer data!
Cybersecurity Insurance policies are becoming increasingly necessary, as data breaches continue to become more and more commonplace. Often times, vendors and compliance officers will require you to have cyber insurance before you can do business with them. This is designed to ensure that your business takes security seriously, and lets you know that your partner or vendor also does too. Cybersecurity insurance is designed for:
- Recovering compromised data,
- Repairing computer systems and providing personal identity monitoring services
- Not forgetting ransom payments or legal expenses incurred during investigation of any breach
Increase in Demand
Companies are quickly recognizing that cybersecurity insurance is just as necessary of a policy as their general business liability coverage. The average cost of a data breach can run up to $9,440,000 in the US alone. That is an expense far too great for most businesses without protection against cybercrime and other malicious acts on the web. Also, don’t look at this almost $9.5 million dollar cost and assume this number is just absurd, your business could never fall under this much liability. Although that may be true, cybercriminals don’t care what business you are in or how large your company is. Would $1000, $5,000, $20,000, or $100k in damages be detrimental to your company? Well, this is exactly what cyber insurance is there for in the first place, to make sure it can make your business whole again, regardless of the cost of the damages.
Sadly, these costs only seem poised to increase; however, this comes with one major upside: more options now exist when choosing a policy!
Who determines what type of attack that was anyways?
While obtaining certain insurance policies have become more laborious to find, a few providers are dropping indemnity for “nation-state” attacks. These assaults originate from governing entities and can be particularly daunting.
The nefarious forces of a government can reach everyone, whether you’re an individual or enterprise! 2021 statistics show that 21% of these malicious hacks targeted consumers and 79% went after businesses – yikes! Insurance policies are feeling the heat too. Some carriers have dropped coverage for such an attack. If your policy is leaving this out, the you had better look twice before signing it.
Insurance carriers are taking a stand against unruly clients, leaving them to their own devices if they get hit by ransomware. That means organizations have an even bigger responsibility than before when it comes to preparing for the worst with backup and recovery plans. If your business needs help developing a Disaster Recovery plan, (which is almost a requirement now to get Cybersecurity Coverage, AlphaCIS can help! We have worked with many insurance carriers and know exactly what they are looking for in order to make sure your systems are up to par and qualify for coverage.
Harder to get Cybersecurity coverage
Are you are convinced that you need cybersecurity coverage? Well not soo fast, just because you want cybersecurity insurance, doesn’t mean you’ll qualify for it. Qualifications are becoming stiffer. Insurance carriers aren’t willing to take chances, especially on companies with poor cyber hygiene.
Some of the factors that insurance carriers look at include:
- Do you have a formal Cybersec policy for all employees and is it enforced?
- Is multifactor authentication enforced companywide?
- Do you have a formal Disaster Recovery Plan?
- Who has elevated permission or Administrator access to the system?
- How are passwords safeguarded?
- Are you running a company-wide advanced threat detection and protection, and can you prove this?
- Do you have formal Cybersecurity training?
- What kind of a firewall is your business using?
- Is there 2FA or MFA on your VPN connection?
- What is your BYOD policy and how do you keep your systems protected from these devices?
If you haven’t had the pleasure and the privilege of filling out one of these lengthy questionaries when applying for insurance, I will be the first to tell you its not a fun process for anyone involved…. Most of our clients typically pass this off to us, (AlphaCIS), in order to make sure its filled out properly and answered in a way that will ensure they get the coverage and that their premiums will be as low as possible. This is typically easy for us, because almost all of the things that insurance companies look for when determining qualifications are things we typically have already implemented for our clients. So, answering honestly, and offering up many details of the system we implement, goes a long way in getting the coverage our client is seeking.
If you don’t have a Managed IT Provider (MSP) or a Managed Cybersecurity Provider we recommend going through the checklist, typically Google is your friend here, to understand some abbreviations and exactly what the insurance carrier is asking for. I would recommend formalizing the above-mentioned check list as the base model, before applying for cybersecurity insurance!
Be Careful on the type of coverage! This can get tricky!
There are several types of Cybersecurity Coverage that are available today, including:
- Cyber Liability Insurance: This coverage protects businesses from financial losses due to data breaches, hacking, and other cyber attacks. It can also cover costs associated with notifying affected individuals, credit monitoring services, and legal fees.
- Network Security Insurance: This coverage protects businesses from financial losses due to network failures, data breaches, and other cyber attacks that target a company’s IT infrastructure.
- Cyber Extortion Insurance: This coverage protects businesses from financial losses due to extortion attempts, such as ransomware attacks, where attackers demand payment in exchange for returning stolen data or unlocking systems.
- Data Recovery Insurance: This coverage helps businesses recover lost or stolen data, and can also cover the costs associated with restoring systems and networks.
- Media Liability Insurance: This coverage protects businesses from financial losses due to defamation, invasion of privacy, and other media-related liabilities that can arise from a cyber attack.
- Crime and fraud insurance: This coverage helps business to recover losses from employee dishonesty and third-party fraud.
It’s important to note that these types of coverage can vary depending on the insurance company and policy. It’s always a good idea to review the specific terms and conditions of a policy before purchasing it. This is typically an independent agent that isn’t tied to just one carrier, and that has extensive and deep knowledge of cybersecurity insurance, with knowledge on how to calculate what kind and type of coverage your business needs.
If you are in the Metro Atlanta area, someone like Ralph Pasquariello is a great resource to speak with just to confirm that you have the right coverage for your business or if you have some questions regarding your coverage. Keep in mind independent agent such as Ralph don’t charge you for his services, carriers pay him directly, so speaking with an independent agent is a good way to get a second opinion, or to see if they can shop for a better deal for you business. Either way its a free resource and so if you know an independent agent, I would recommend to speak with them first.
Helpful Resources
If your business needs help getting ready to apply for Cybersecurity Insurance, or you just need some help understanding exactly what is being asked on the application, please reach out to AlphaCIS. We can help make sense, and explain in laymen’s terms, of the requirements, and point you in the right direction for any resources to help you along this process. Even if you don’t choose to use us to implement any of this, you will walk away with extra knowledge of exactly what to do, and all it will cost you nothing, but a few minutes of your time. 😊
So, you have a need for cyber insurance, or if you are trying to meet a compliance in your industry, please contact AlphaCIS Cyber Security Provider in Metro Atlanta Area or call us (678) 619-1218 and see how we can help!
Dmitriy Teplinskiy
I have worked in the IT industry for 15+ years. During this time I have consulted clients in accounting and finance, manufacturing, automotive and boating, retail and everything in between. My background is in Networking and Cybersecurity