5 Things to Check to Get Cyber Insurance Approval
Here’s one thing you should know: Cyber insurance companies are losing money right now.
Since the advent of remote work has blurred every organization’s security perimeter, their cybersecurity risks and vulnerabilities have perilously grown. Cyber attackers took advantage of this sudden change and carried out attacks with a higher ransom. And this has been wreaking havoc on the cyber insurance industry.
In response to the rise of ransomware attacks, cyber insurance companies had no choice but to resort to an increase in their premiums. You may have been noticing or experiencing a 50-100% increase in your cyber insurance premiums right now.
But that isn’t the only potential change.
Some insurance companies are exploring other options, such as ransomware sub-limits, co-insurance, and, most importantly, increased premiums for organizations that do not implement cybersecurity measures at the company level.
In other words, they may not insure you at all or impose large fees if your business doesn’t implement appropriate cybersecurity procedures.
Here at ITS, we’ve been helping hundreds of clients manage their cybersecurity to protect their businesses from physical, financial, and reputational damages. In this article, we’ll go over the following:
- What is cyber insurance?
- Who needs cyber insurance?
- Questions to ask yourself in preparation for cyber insurance approval
After reading this article, you can find the gaps in your cybersecurity and bridge them to ensure that your cyber insurance gets approved when the need arises.
What is Cyber Insurance?
Cybersecurity insurance is similar to other forms of insurance that you are likely familiar with, such as car insurance. Insurance protects you in the event of an unwanted incident, and in the case of cybersecurity insurance, the incident could be:
- A data breach,
- Server malfunction resulting in downtime,
- Network damage and, in some cases,
- Payment of a ransomware demand.
Who Needs Cyber Insurance?
In today's cybersecurity climate, most businesses need cyber liability insurance. If your business stores sensitive client, customer, and partner data or conducts any form of electronic transactions, then you can benefit from a cyber policy.
You must have up-to-date cybersecurity and cyber insurance if you are also in a regulated industry, such as the finance and healthcare industry.
Even if you’re an SMB, you can fall victim to cybercrime. It's been reported that almost half of all recorded cyberattacks in recent years were aimed at small businesses. From a threat actor's standpoint, it just makes sense. Small organizations often underestimate the value of their data or don't have enough capital to improve their cybersecurity measures.
5 Questions to Ask Yourself to Get Cyber Insurance Approval
Here are some of the questions you need to ask yourself if you want to guarantee fast cyber insurance approval:
1. Do you have multi-factor authentication for email and sensitive information?
Are you prompted when you log in to your email or when you log in to your cloud-based data? Do you receive a login code or receive login approval requests on your phone?
If your answer is yes, then you have an MFA set up. If not, then you better start setting it up.
2. Do you have backups, and are you sure they are working?
The best way to know if you have a good backup is to actually test them. But you sometimes don’t have time to do that, so you need to ensure that the people responsible for the backups are testing them and reporting back to you. We recommend testing backups a minimum of once or twice a year, with a more frequent testing ideal.
3. Do you have up-to-date, active antivirus installed on all your computers?
Surprisingly, 20% of networks have missing antivirus. The easiest way to check this is to go down to the bottom right corner of your screen, hover over the taskbar, and look at the little icons. You will see something that says either antivirus or endpoint detection, which will tell you if you have something installed.
4. Do you have a written documented incident response plan?
If you’re a business owner or executive and aren’t sure, then you probably don’t have one. You’re probably thinking, “That’s not my responsibility.” Here's the thing: you are responsible for your organization’s incident response (IR) plan as a business leader.
You’re responsible for your team. You’re also responsible for communicating when an incident happens. You must speak to your clients, possibly the media, and other organizations and let them know what’s happened.
So, you need to make sure that you have this planned and make sure it’s documented. And it includes things like:
- Incident identification and rapid response
- Suitable tools and resources
- A clear understanding of individual roles and responsibilities
- IR playbook that comprises detection and analysis of the threat
- Containment eradication of the threat
- Business disaster recovery plan
5. Do you have up-to-date, active firewall technology?
A great way to figure this out is to check and see if you’re paying a subscription to a firewall vendor. If you are, it’s very likely that you have a firewall. You could check that by talking to your CFO control or someone in the accounting team. Find out if it’s set up and start doing something if it’s not.
Do You Need Help with Your Cyber Insurance?
Ensuring robust business cybersecurity helps protect your data and processes and lessens the sum you'll have to pay for your cyber insurance. In times of need, good cybersecurity also helps you get approved faster. The things you need to cover to make sure your cyber insurance does not get denied are:
- MFA for email and sensitive information
- Data backups
- Up-to-date active antivirus
- Incident response plan
- Active firewall technology
At ITS, we help our clients bolster their network defenses to prevent potential risks and its cost. If you need help with your cyber insurance, schedule your FREE cybersecurity assessment with us, or if you want to learn how much insurance you need first, read our article titled How Much Cyber Insurance Does Your Business Need?