When you read the news or simply turn on the television, cyber security is a much bigger problem today than most of us would ever have imagined. ACP is receiving an unprecedented number of requests seeking help with some form of ransomware or cyberattack. Yet because there is such a stigma and so much embarrassment surrounding these attacks, many more of these incidents go unreported and unaddressed. What we do know is that these local and regional attacks are causing costly downtime, tens of thousands of dollars in recovery costs. Worst of all, research suggests that more than half of all small to medium-sized organizations impacted by a cyberattack fold within six months of the attack.
To help mitigate a portion of the financial risk of cyberattacks, many organizations are turning to cyber insurance. Cyber insurance is an insurance product designed to help businesses hedge against the potentially devastating effects of cybercrimes such as malware, ransomware, distributed denial-of-service (DDoS) attacks, or any other method used to compromise a network and sensitive data. Also referred to as cyber risk insurance or cyber security insurance, these products are personalized to help a company mitigate specific risks.
Although we’re not in the business of selling insurance here at ACP, we are passionate about promoting cyber security best practices – especially when it comes to keeping your business safe. If cyber insurance is something your organization is looking into, here are five things you’ll want to consider before making your decision:
- Identify the cyber risks – There are more than a dozen different categories of coverage available for cyber threats. These can include a range of online and offline risks, spanning everything from data breaches to theft of corporate assets. By identifying these specific pitfalls upfront, you’ll be able to find the insurance that best meets your organization’s specific needs.
- Understand the policy coverage – Your existing insurance policies might be very complementary to these new cyber policies. Or it might not. Some businesses might also require a combination of products to get adequate coverage. It’s important to understand how each product could benefit your organization in the event you become liable for a data breach.
- Consult a professional – Damages resulting from cyber liability can be difficult to quantify and grasp. Translating cyber risks into a financial model is a key step in ensuring adequate coverage. If you don’t have the resources in-house, consider seeking guidance from a professional broker or subject matter expert who understands both worlds of business and cyber security risks.
- Know the claims process – Understanding the claims process when selecting cyber liability insurance is critical. Each insurance provider has processes set up for vetting a claim’s authenticity, along with a general timeline for which funds can be paid. If a data breach happens, you’ll want to know how quickly assistance will become available.
- Be aware of other insurance perks – While monetary relief is helpful, some insurance companies provide extra benefits such as cyber investigators or public relations firms. Finding out whether your coverage includes these services can help you manage the aftermath of a breach with greater ease and polish.
Managing Risk Beyond the Insurance
Cyber risk insurance can be a great way to mitigate the damage caused by a breach, but it should complement cyber security technology as part of an overall cyber risk management plan. Cyber risk insurers analyze the strength of a company’s cyber security posture before issuing any policy. Strong security postures allow for better coverage and, in some cases, access to coverage enhancements. On the flip side, a fragmented enterprise security strategy can make it difficult for insurers to fully understand an organization’s security posture. This can result in inadequate or poorly targeted insurance purchases by insured companies. Even as insurance premiums skyrocket, business insurers are demanding in-depth threat assessments prior to approving or renewing coverage, imposing higher standards for preventative controls, and requiring layers of cyber security protection measures across their clients’ organizations. Organizations which fail to meet and maintain compliance with these insurance requirements will find (sometimes too late) that their claim eligibility determination is significantly delayed or rejected outright. It bears repeating… you need to have a strong security posture first! If your business has not invested in the appropriate cyber security solutions, then you may not qualify for insurance, or it could be limited and expensive.
By choosing to subscribe to cyber insurance you are transferring a portion of the risk to another entity, but you still need to do your part to avoid being an easy target and to minimize other risk factors within your organization. One of the best ways to do this is by reviewing your organization’s current cyber security posture with a trusted, experienced technology partner who can objectively assess and provide guidance to strengthen your cyber security systems and policies using their expertise. ACP’s cyber security solutions are designed with multiple security layers and we employ advanced authentication and encryption technologies. We help you understand the threat actors and assess potential security risks, while our comprehensive approach assists you in mitigating that risk and building a defense-in-depth strategy to achieve greater cyber resilience.
If you’d like to know more about how ACP’s cyber security services can benefit your business, reach out anytime — we’re local, friendly, and here to help protect what you’ve worked so hard to build!
Written by Christopher Dean of ACP CreativIT/Citon Computer Corp.
Acknowledgements include: Mathieu Chevalier, Genetec, Inc., Travelers Indemnity Company, and the Journal of Cyber Security