Insurance policies for cyber security have been around since the beginning of the 2000s. Companies that went online needed protection against the risks of evolving cyber-security threats. A Cyber insurance coverage is only an initial step you and your business must be aware of the insurer’s expectation of the company. If you do not, your claim rejected.
In common with professional insurance policies, cyber insurance could have limitations which include:
rogue employees
wild-type virus
regulatory claims
Penalties and fines
Property damaged
Cyber insurers may not make payments when they discover “a failure to keep.” It could be “failure to adhere to” certain guidelines of care. It’s the cyber form of negligence. What does it actually mean?
Standards of care and expectations
Insurance companies need evidence that your business has taken appropriate precautions to guard against cyber attacks. If you aren’t able to prove that you have put in place robust security measures, you’re running the risk of getting denied claim.
Insurance companies aren’t going to be able to pay. Therefore, they’ll insist that you create a protection plan. This could be done internally or through a third-party service supplier (such such as managed service providers (MSP)).
Your security strategy should be thorough. It’s best to plan out every aspect of your technology to ensure that you know every point that requires security. The use of security software to protect your devices, for example will not be able to satisfy the insurance company. Include active tools for detection and response to your arsenal of tools, too.
You’ll also have to demonstrate that you’re protecting the supply chain. A breach that exposed 40 million credit and debit cards began at an online company’s HVAC vendor. Target estimates that the breach cost $202 million. It was 2013 however, the type of attack is still a serious risk due to the digital interconnectedness.
Insurance companies also require proof of the effectiveness of your training of your employees as humans are the weakest link. Your staff might not intend to be a criminal however, they may be those who have inadequate passwords, or missing devices, and may have downloaded malware.
Expect insurance companies to insist that you have:
encryption to protect data
multi-factor authentication makes it more difficult to gain access
Virtual private networks (VPNs) to ensure secure connectivity between internet and computers
regular data backup
Company policies and procedures to deal with cybersecurity incidents
Cyber insurance is evolving, too.
Because the cyber world changes constantly, insurance companies constantly adapting. They might have offered the coverage of a specific risk only to change their policies to reduce the risk a year later. This is another thing to keep track of while trying to protect the systems from cybercrime.
Have questions about your cyber insurance policy? An MSP will review your security policies and ensure you’re doing everything you can to keep your coverage. Our experts can also conduct periodic audits and provide evidence that you’ve done your best.
