Checklist for Getting Cyber Insurance Coverage
Danna Bethlehem | Director, Product Marketing
As cyber criminals mature and advance their tactics, small and medium businesses become the most vulnerable because they lack the capacity – staff, technology, budget – to build strong cyber defenses. SMEs can quickly become easy targets for criminals wishing to target larger enterprises through complex supply chains.
The necessity for cyber-insurance coverage
With businesses becoming more and more digitized, they are exposed to greater cyber risks. And while organizations are taking steps to protect against cyber attacks, cybersecurity controls are not impenetrable. With cyber attacks amounting to a question of when and not if, cyber insurance becomes crucial for ensuring business continuity and mitigating the business impact of attacks – should they occur.
Cyber risk insurance covers the costs of recovering from a security breach, a virus, or a cyber-attack. It also covers legal claims resulting from the breach. According to the Sophos 2022 State of Ransomware report, 83% of mid-sized organizations had cyber insurance that covers them in the event of a ransomware attack.
Compliance is another important reason for getting cyber insurance. All companies are subject to state-specific data breach laws for collecting, processing, and storing personal data. Cyber insurance can help cover costs to comply with state, federal, and international laws as well as cover regulatory fines and penalties. Overall, having cyber insurance coverage is a demonstration of due diligence.
When you buy cyber risk insurance, its applicability is global; however, jurisdiction for resolving disputes is determined by the terms and conditions of the contract. Much like any other type of insurance you can buy, cyber insurance companies offer a variety of policies with varying levels of coverage depending on your organization’s risks.
Essential security controls to get cyber insurance
Insurers don’t want to lose money, so they do their due diligence and investigate a company’s cybersecurity practices before insuring it. When you contact a cyber insurer to discuss the potential of getting insurance coverage, they will first assess your current cybersecurity posture. If your posture is considered too risky, then you will most probably be denied insurance.
“During their assessments, insurance companies look for four critical security requirements, the lack of which is a no-go for further discussions,” says Nikos Georgopoulos, Cyber & Information Privacy Risks Insurance Advisor at Cromar.
You can ensure insurance coverage and even reduce premiums if you implement good cybersecurity practices – starting off with multi-factor authentication – in order to avoid a breach. Both you and your insurer want the same thing: for you not to experience a cyber incident.
The following checklist is a starting point for making sure you qualify for cyber insurance.