Today’s businesses are operating under the constant threat of a cyberattack. As the threat level continues to rise, companies are finding it harder to keep cybercriminals at bay. Cybersecurity Ventures estimates that by 2021, ransomware alone will cost businesses worldwide around $20 billion. Data breaches can be crippling, putting some companies out of business. Even a more modest attack can cause days or weeks of downtime, leaving an organization with hundreds of thousands or millions in damages. To help cover the costs, many companies are turning to cyber insurance.
What is cyber insurance?
Cyber insurance is an insurance policy that protects businesses from the financial fallout of a cyberattack. Cyber insurance won’t prevent a cyberattack, but it will minimize the damage and aid you in the recovery process. The level of coverage varies with each provider, but typically a cyber insurance policy will cover legal fees, system forensics, the cost of restoring compromised data, the cost of repairing damaged computer systems, loss of transferred funds, reparations to customers, and compensation for loss of revenue.
Increasing your chances for better coverage
One of the ways you can increase your chances of qualifying for cyber insurance is to make sure that certain protective measures are in place to reduce your risk of a data breach. Organizations with poor cybersecurity practices are likely to get charged more for a cyber insurance policy than businesses with excellent cybersecurity practices. Here’s a list of preventative measures that insurance carriers look for when assessing a business’s risk to determine whether they want to provide a policy or quote:
- Does the company have antivirus and firewalls?
- Is the company’s sensitive data encrypted at rest and in transit?
- Does the company have endpoint protection on mobile computing devices?
- Does the company have formal vulnerability management or software patching procedures?
- Does the company have data backup and recovery procedures in place, and are those procedures tested periodically?
- Does the company have a formal cyber incident response plan?
- Does the company employ multi-factor authentication on corporate email?
- Does the company employ multi-factor authentication on corporate networks, systems, and VPNs?
- If the company accepts payment cards for their business, can they verify that they are PCI compliant?
- If the company deals with protected health information, are they HIPAA and HITECH Act compliant?
Most insurance professionals agree that multi-factor authentication (MFA) is the most critical element in the current environment. According to Microsoft, MFA can stop 99.9% of attacks on your accounts. Having no MFA in place could prevent a company from getting insurance at all. MFA along with a formal cyber incident response plan is a big deal: with both, customers will be in great shape to obtain the best rate for cyber insurance.
It’s no longer enough to have excellent perimeter security when your company’s data, customers, and reputation are on the line. Making sure your business is fully covered in case disaster strikes could save you from financial ruin down the road. Reach out to IP Pathways and we’ll provide a full security and risk assessment to see if there are any protective measures that we recommend you put in place before seeking a quote from a cyber insurance provider. Working together, we can help your network stay safer and keep your insurance rates as affordable as possible.