If you want to have a shot at qualifying for cyber insurance and get the best possible rates, you have to show that your company is effectively managing cyber risks. Unfortunately, it’s getting harder and harder to get cyber insurance even if you’re trying to renew an existing policy. If you don’t believe it, just have a look at a current application.
When they’re considering your risk profile, insurance underwriters want to know what security controls you have in place. The answers to the questions on the application get technical really fast. In fact, most insurance companies are asking you to consult your IT department in order to complete the form.
If you’re the executive signing the application, you’re going to have to attest to the accuracy of the information so in any case, it’s a good idea to get technical expertise to interpret and complete your cyber insurance application.
You don’t want to be like the CEO of an Illinois manufacturing company who signed a cyber insurance application but then had a claim denied because they weren’t actually using all of the security controls that they indicated they were. (Here’s the story on Insurance Journal.)
Cybersecurity Controls That Underwriters Are Looking For
What’s on the application? That depends on the insurance company and what you’re applying for, but here are a few components of your security strategy that may be found in the list of must-have cybersecurity tactics:
- Multi-factor Authentication (MFA)
- Endpoint Detection and Response (EDR)
- Email Filters
- Managed Detection and Response (MDR)
- Systems Hardening
- Network Segmentation
- Security Information and Event Management (SIEM)
- Immutable Offsite Backups
- Mobile Device Management (MDM)
- Incident Response Plan
- Cybersecurity Awareness Training
- Security Policies
Cyber insurance applications will also ask for information that describes the kind of information you gather and store. You can also expect many of the questions to pertain to your policies that govern how data is accessed.
If you’re getting the idea that there’s a lot involved with applying for cyber insurance, you’re right. You shouldn’t just ditch the idea of applying for insurance just because the application process is complex. In fact, getting this type of insurance isn’t optional if it’s required by your customers or regulatory compliance.
Cyber Insurance Benefits
Let’s look at the benefits you can generally expect to get from cyber insurance in exchange for the work and investment that goes into the application process.
*Please note that this is a general benefit listing. Refer to your insurance rep for specific information about recommended coverage as well as policy inclusions and exclusions.
Clean Up and Restore Operations
At its very basic level, cyber insurance will help to cover the costs to get your business up and running again. This should include costs to get your equipment cleaned and operational, as well as restoration of your data to a level where you can resume basic business operations.
Business Interruption Costs
Your policy may cover costs incurred while your business is down, both while the attack is happening and while your IT team is working to restore your IT systems and data.
You may have other financial losses in addition to those caused by downtime. When your reputation is damaged, it can be hard to stay competitive because you’ve lost the trust of customers and prospective customers. You may also find it more difficult to find and retain employees.
Legal Costs, Penalties and Damages
You may have legal costs and penalties if the incident exposes confidential data that belongs to your customers, vendors or employees. Exposing intellectual property of customers can result in legal proceedings to collect damages associated with loss of their competitive advantage. In the case of individuals, you may need to pay for a service to provide alerts if personal data shows up on the dark web.
Many cyber insurance policy holders get access to a professional communications team to guide in reporting the incident and crafting the messages that need to be conveyed to different audiences – from customers, vendors and employees to law enforcement and the media.
Forensics and Incident Investigation
An investigation of the incident may be included in your policy. The work of a forensic team to determine the cause and extent of the breach is important so that you know what to do to prevent the same thing from happening again.
Cybersecurity “Health” Benefits
As you’re contemplating the cyber insurance application process and benefits you can expect from being insured, there’s something else that you should consider and that’s your cyber risk posture. By beefing up security and including cyber insurance in your security strategy, you’re actually improving your ability to prevent, respond and bounce back from cyber threats and attacks. That’s what organizations need to build sustainable businesses in the modern world.
Did you know that resiliency is actually the goal of cybersecurity? It is, because no one can ever 100% guarantee that you’ll never have an intruder incident or a data breach.
Managed Cyber Defense Against Modern Threats
Here at Bellwether, our clients call on us to not only help them navigate through the complexities of cyber insurance applications, but to build a cyber defense that’s suited for their unique risk profile. By partnering with us, they get access to all the cybersecurity expertise and technologies they need. The result is that business leaders have confidence that they’re doing everything they can to effectively manage cyber risks.
If that’s not what you’re getting from your internal or outsourced IT team, it’s time for something better.
Get in touch to schedule a cybersecurity assessment.