Cyber security insurance is an increasingly common topic of discussion among business executives. As cyber threats continue to increase, more businesses are beginning to evaluate the need for a cyber security policy within their company. Keep reading to learn what questions you should answer to determine the need for a cyber insurance policy within your organization.
Questions to Answer
What are your exposures?
In insurance, the term exposures refers to how often a business is susceptible to various risks that can cause losses. When calculating premiums, insurance companies evaluate how much risk a business is exposed to.
For instance, businesses with many offices have a higher chance of being exposed to a data breach because a hacker has more opportunities to find security gaps.
Before deciding if you want to buy a cyber insurance policy, get a feel for what your exposures are, as this will help determine how expensive your policy is.
What kind of information does your business keep on file? If, for example, you're a healthcare organization, how do you store patient files and other sensitive information? Do you keep paper copies in the office, or are all files stored online, and if so, where? If your business stores sensitive information in an insecure way, you have a higher exposure to data breaches.
Does your company regularly perform backups? If so, how do you back information up? Some companies only back up data in one location, whereas others back up data in multiple locations. Additionally, some may automatically perform backups multiple times a day, whereas others may only back up data a few times a week.
If your company doesn't automate your backups to occur as often as possible, or you only back up your data in one location, you have a higher exposure to data breaches and cyber attacks.
Have you experienced a cyber attack in the past?
If your company has been a victim of a cyber attack before, then you fully understand the negative impact that one can have on your business. Besides the potentially devastating blows to your reputation and the financial costs of restoring your network, your company may suffer lawsuits from consumers whose data has been breached.
Cyber security insurance can mitigate these costs. Depending on the level of coverage you want, you can have first-party protection, which encompasses any direct losses your company experiences due to a data breach or cyber attack.
You can also seek out third-party coverage, which helps mitigate the costs of legal claims from partners and customers. If your company has experienced one or more cyber attacks in the past, consider having both types of coverage.
If your company's network was breached multiple times and you did little to patch security gaps and protect your network, a court most likely won't rule favorably for your company in a customer lawsuit over any additional data breaches. Additionally, any previous or future data breaches could cause your premiums to increase.
How compliant are you with existing cyber security law?
If your company is diligent about compliance with cyber security law, you may not feel the immediate need to buy a cyber insurance policy.
Regularly updating and patching your network to stay in line with regulations such as HIPAA and GDPR minimizes the odds of a data breach. This in turn decreases the chances that you'll need to file a claim to protect against the financial losses of a data breach or subsequent customer lawsuit.
However, cyber security law is constantly changing and evolving, which means that what may have worked to keep you compliant last year may not work this year.
Take the California Consumer Privacy Act (CCPA) as an example. If you've browsed a website this year that you haven't visited before, you may have noticed a pop-up that asks you to accept the cookies that log your activity.
Many companies have had to recently add pop-ups like this to their website to stay compliant with CCPA. If your company has dedicated in-house IT personnel, make sure that they stay on top of developing cyber security law and adjust your network accordingly.
Additionally, even if you stay completely compliant with cyber security law, this doesn't make you immune to data breaches, so make sure that no matter if you buy a cyber insurance policy or not, your network security is as strong and robust as possible.
What does your current cyber security landscape look like?
Examine your cyber security infrastructure to see what systems you currently have in place. Besides the usual antivirus and anti-malware, what other forms of protection does your network have to safeguard against cyber attacks?
Do you perform dark web scans? Does your company diligently educate employees about cyber security best practices, including how to create a secure password?
If your network's security is lacking, you could be leaving the door open for a hacker, which increases the odds of a data breach. If your company experiences additional data breaches after signing with a cyber insurer, your premiums could quickly increase.
Consider the strength of your cyber security efforts when deciding whether or not to purchase a cyber insurance policy.
How to Minimize Your Cyber Insurance Claims
The key to minimizing cyber insurance claims is ensuring that your network is secure enough to protect against data breaches and cyber attacks. By following a few simple tips, you can reduce the odds that you'll need to file a claim with your cyber insurer.
Create a Password Policy
Your employees' account passwords may not be as secure as you think. When creating a password, many people choose to use personal information that can easily be found online, such as their children's names or the name of their alma mater.
Creating a password policy fosters a culture of personal accountability within your organization while ensuring that passwords to all company devices and platforms are as secure as possible.
Password policies should emphasize the importance of passphrases. Passphrases are created by stringing together a random group of words. Secure passphrases can be anywhere from 4-12 words or more, and the longer the passphrase, the harder it is to crack.
For instance, a passphrase could be "s3ven Heaven collegiate Turtle". At first glance, it seems as if it would be easy to crack, seeing as it consists of just a few words.
However, according to the website Use a Passphrase, which lets you test a passphrase to see how long it would take a computer to crack it, this example would take a computer over 461 billion centuries to figure out!
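The passphrase rule above can be backed by a small tool. The following Python is an added example, not code from this article or from the Use a Passphrase website: it picks words with a cryptographically secure random source and shows how strength grows with word count. The sample word list is constructed, and the 7,776-word list size and the attacker guess rate are assumptions.

```python
import math
import secrets

# Constructed 32-word sample list so the example runs offline. A real policy
# would point to a large published list (the EFF long list has 7,776 words).
SAMPLE_WORDS = (
    "turtle heaven college seven anchor basket candle desert ember forest "
    "garden harbor island jacket kettle ladder marble needle orange pepper "
    "quartz ribbon saddle tunnel umbrella velvet walnut yellow zipper bridge "
    "cactus dolphin"
).split()


def generate_passphrase(words, count=4):
    """Pick `count` words uniformly at random with a CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    if count < 4:
        raise ValueError("the policy on this page starts at 4 words")
    return " ".join(secrets.choice(words) for _ in range(count))


def entropy_bits(list_size, count):
    """Entropy of `count` independent uniform picks from `list_size` words."""
    return count * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every passphrase at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    rate = 1e10  # assumed attacker guess rate, not a figure from the article
    for n in (4, 6, 8, 12):
        bits = entropy_bits(7776, n)
        print(f"{n} words: {bits:.1f} bits, {years_to_exhaust(bits, rate):.3g} years")
    print("sample:", generate_passphrase(SAMPLE_WORDS, 6))
```

The entropy figures only hold when the words are chosen at random by the tool; words an employee picks personally are far more predictable.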
Additionally, encourage employees to limit the use of passwords that they also use for personal accounts (like a personal email password). If anyone uses personal account passwords, that creates a door that hackers can come in through if they hack into any personal accounts.
Though this is the hardest rule to follow, encourage employees to not write down any company passwords anywhere, whether that be on a sticky note or in the Notes app on their phone. Writing down passwords leaves documentation that hackers can find and then use to gain access to your network.
Automate Your Data Backups
Whether you decide to use a cloud-based system, server, or external hard drive to store backed-up files, backing up files ensures that in the event of a cyber attack or power failure, workflow disruption is minimized and important files aren’t lost.
The best method for backing up files is to install software that regularly backs up all data on company computers. At a minimum, data should be backed up weekly, but if possible, schedule your technology to back up automatically.
Data that’s critical to your business includes electronic spreadsheets, databases, financial files, human resource files, and accounts receivable/payable files. Being proactive about data backups leaves your company and its sensitive files at an advantage in the event of a power failure.
Educate Employees About Cyber Security
You could have the most secure network in the world and your employees could still render it ineffective with poor Internet practices. The employees of your company are its greatest asset and, unfortunately, its greatest liability.
Cyber security training that highlights best practices for keeping your data safe online is increasingly becoming an important aspect of employee instruction, especially for employees that aren’t tech-savvy. It is one of the most important factors in establishing and maintaining a secure company network.
Having cyber security training for your company can educate everybody on Internet best practices, from how to detect spam emails to tips on creating secure passwords. Good cyber security training minimizes the risk of your other network security protocols being rendered ineffective.
Additionally, it decreases the likelihood that your employees will fall victim to cyber-attacks by opening spam or going to malware-infected websites.
Establishing basic cyber security practices and policies decreases the odds of a cyber attack, which will in turn lessen the odds that you would have to file a claim with your cyber insurer.
Consider Managed IT Services
Cyber security insurance helps protect your business' financial health in the event of a cyber attack or data breach lawsuit. However, cyber insurance doesn't provide any technical protection to prevent network breaches and cyber attacks from happening in the first place.
A Managed Service Provider (MSP) can implement a variety of tactics to keep your network secure, giving you peace of mind. An MSP can install various hardware and software to keep your network up-to-date with the latest cyber security tactics.
Additionally, an MSP can assist you in creating a password policy and list of cyber security best practices for your organization to ensure that employees don't fall for phishing schemes or leave your network open to breaches.
While an MSP can reduce your claims, hiring one can also potentially reduce your premiums and keep your deductibles lower. Hiring managed IT services shows your insurer that you're committed to reducing your exposures and protecting your network, which could persuade them to lower your premiums.
Your deductibles increase, in part, due to the number of claims you file. When an MSP reduces your claims, this can keep your deductible from increasing, as it shows that your company is a low risk to your insurer. The right MSP will keep your insurance costs low while protecting your network from intruders.
Cyber security insurance is more relevant now than ever before. When considering whether or not your organization should buy a policy, consider the strength of your current network infrastructure as well as your budget.
Posted by Erica Kastner
Erica Kastner is a lead Marketing Specialist at Standard Office Systems as well as a University of Georgia graduate. She aims to use her passion for problem-solving to help businesses understand how to better leverage their network infrastructure.