In advance of adding or renewing cyber security coverage to your business insurance policy, it’s wise to go in educated about what the underwriters are looking for when they are determining your premium. In many cases, the amount you can save on your annual premium will more than pay for the cost to implement some of the solutions and policies that they look for in application that you don’t have in place today. Bonus: In implementing some of these controls so you are better protecting your company from cyber security threats.
What we are seeing out there is that the insurance agents are positioning cyber coverage to their clients (as they should) but most agents still do not understand the cyber industry to have a consultative discussion. Additionally, those who are buying the policy do not understand their actual risk to cybercrime to their company to ask
the right questions. That lack of knowledge by both parties results in the decision to be purely a financial/cost decision and less based on actual risk exposure. Therefore, little to no action is taken to mitigate cyber risk exposure. And an insurance claim should be the last resort when it comes to managing cybercrime, not the strategy.
In many ways, cyber security insurance is still the wild west. Often incidents go unreported due to fear of loss in brand equity and reputation or other reasons and therefore the historical data is often incomplete. The insurance claims on cyber insurance incidents are still being adjusted and determined as we go, and of course the threats are always changing. Across the board there is a dearth of information in the insurance industry regarding cyber in an otherwise mature industry of business insurance.
So let’s get into it, here are the common items insurance providers are looking for across all industries that will impact the amount of your premiums:
1. Does your organization require employees to follow written computer and information systems procedures?
2. Does your organization of the following controls: commercially available firewall protection and commercially available anti-virus? Some underwriters will require you provide the make and model. Hint: not all firewalls are alike, Next Generation Firewalls (NTFW) provide a much higher level of protection than traditional firewalls.
3.Does your organization terminate all computer access and user accounts as part of the regular exit process when an employee/contractor leaves the company?
4. Does your organization take credit cards and what percentage of your revenue is from credit card transactions. More importantly, is your organization compliant with applicable data security standards such as PCI standards.
5. Does your organization have and enforce policies concerning the encryption of internal and external communication and data?
6. What is your organization’s strategy for backup of data storage
7. What are you content controls around your website? Does your organization have a procedure for responding to allegations that published content by your organization is libelous, infringing, or in violation of a third party’s privacy rights? Has your content been screened for all trademarks and service marks for infringement of existing marks prior to first use?
In addition to these common questions, there may be more industry specific questions especially in highly regulated industries like healthcare and financial. We also expect these questions to change and evolve as the insurance industry matures in with this type of coverage, claims are paid out, and as the cyber threats change.
If this leaves you with more questions than answers about your organization’s current cybersecurity posture, it’s okay you’re not alone. Nocserv offers services in these areas to confidently fill out your application that you are a low risk to the underwriter and your organization is best protected from cybercrime.
sign up here for a free cyber security scan on your network: www.nocserv.com/getstarted. Nocserv will get you the information and data to help you understand where you current risks are for your company. Once we have that data, we can have an informed discussion and make recommendations on areas you can better improve your cyber security strategy while often decreasing your insurance premiums.
Please visit our cybersecurity services page to learn more about how Nocserv can help your business with your cyber strategy:
We also have a partnership with Cyber Security Insurance expert Jason Jimenez www.jasonjimenezinsurance.com that can help us develop the right policy for your business. Please see below for a presentation by Jason Jimenez on April 11th on this topic:
ABOUT NOCSERV: Nocserv delivers professional managed services to keep your IT systems running so you can focus on growing your business. Because our service automation systems are cloud-based, we are able to deliver our services at a lower rate without sacrificing our excellent quality of service.
Source: New feed