How to Qualify for Cyber Security Insurance
Cyber insurance is one option that can help protect your business against losses resulting from a cyber attack. If you’re thinking about cyber insurance, consider which policy would best fit your company’s needs, including whether you should go with first-party coverage, third-party coverage, or both.
In this article you will learn:
- Why does my business need cyber liability insurance?
- What should my cyber insurance policy cover?
- How to qualify for cyber insurance
- How to prepare my IT infrastructure for cyber insurance audits
- How to lower my cybersecurity insurance premiums
- How to protect my business from cyber-attacks
- How LA Networks can help your business qualify for cyber insurance
Cyber insurance is enormously beneficial in the event of a large-scale security breach. Insurance provides a smooth funding mechanism for recovery from major losses, helping businesses to return to normal and reducing the need for government assistance.
Cybercrime by the Numbers
- The FBI’s Internet Crime Complaint Center (IC3) saw a 69% increase in the number of cybercrime reports.
- Cyber attacks are the most common: 70% have experienced a cyber attack, followed by identity theft at 69%, cyberbullying at 64%, and cyber extortion at 69%.
- Did you know that nearly two in three midsize organizations have suffered a ransomware attack in the past 18 months? Even more concerning is that 20% of them spent at least $250,000 to recover from it.
- Last year organizations experienced the highest average cost of a data breach in 17 years at $4.24 million, rising from $3.86 million the previous year.
Can you afford to wait?
Why does your business need cyber insurance?
Cyber insurance can be essential in helping your company recover after a data breach, with costs that can include business disruption, revenue loss, equipment damages, legal fees, public relations expenses, forensic analysis, and costs associated with legally mandated notifications.
“Remote work became a major security consideration stemming from the COVID-19 pandemic. The rise in compromised remote desktop protocols (RDPs), leaked credentials, IoT credential stuffing, and more attacks in general, are all reflected in the 400% spike in cyberattacks reported by the [U.S.’s] Federal Bureau of Investigation in the early days of lockdowns,” the publication reported.
Which businesses need cybersecurity insurance?
Businesses that store important data online or on computers. If your business stores important data such as phone numbers, credit card numbers or Social Security numbers — either online or on a computer — you are at risk of a cyberattack and could benefit from cybersecurity insurance.
Businesses that store their own financial data and any personal customer data should at least consider first-party coverage. For example, a business that is the victim of a ransomware attack can lose valuable data, such as financial records, if it is unable to respond to the payment demands.
Due to the recent hacks, cybersecurity insurance is more expensive, has more exclusions, and is more difficult to obtain. Learn what insurers are expecting of you, and what you can do to strengthen your security posture.
What Should Your Cyber Insurance Policy Cover?
Make sure your policy includes coverage for:
- Data breaches (like incidents involving theft of personal information)
- Cyber attacks that occur anywhere in the world (not only in the United States)
- Cyber attacks on your data held by vendors and other third parties
- Cyber attacks (like breaches of your network)
- Terrorist acts
Also, consider whether your cyber insurance provider will:
- Defend you in a lawsuit or regulatory investigation (look for “duty to defend” wording)
- Provide coverage in excess of any other applicable insurance you have
- Offer a breach hotline that’s available every day of the year at all times
What is First-Party Coverage and What Should You Look For?
First-party cyber coverage protects your data, including employee and customer information. This coverage typically includes your business’s costs related to:
- Legal counsel to determine your notification and regulatory obligations
- Recovery and replacement of lost or stolen data
- Customer notification and call center services
- Lost income due to business interruption
- Crisis management and public relations
- Cyber extortion and fraud
- Forensic services to investigate the breach
- Fees, fines, and penalties related to the cyber incident
What is Third-Party Coverage and What Should You Look For?
Third-party cyber coverage generally protects you from liability if a third party brings claims against you. This coverage typically includes:
- Payments to consumers affected by the breach
- Claims and settlement expenses relating to disputes or lawsuits
- Losses related to defamation and copyright or trademark infringement
- Costs for litigation and responding to regulatory inquiries
- Other settlements, damages, and judgments
- Accounting costs
How can LA Networks help your business qualify for cybersecurity insurance?
Cyber insurance coverage requirements.
In order to determine your premium, coverage limits and whether you even qualify for cyber insurance in the first place, most providers will carry out a cyber insurance risk assessment as part of their underwriting process. Depending on the size of your company, this process can range from a questionnaire to a detailed analysis carried out over multiple weeks by a cyber security firm. Regular check-ups and reassessments are also possible.
To keep risks at an acceptable level, policyholders are required to meet basic IT security standards in order to qualify for cyber insurance. At a minimum, a company interested in buying cyber insurance must have the following safety measures in place:
- Use multi-factor authentication (MFA) wherever it is available, such as Cisco Duo
This is one of the simplest, yet most effective, actions that any organization can take to protect themselves. If you’re not enabling it, you’re essentially leaving your doors unlocked. Multi-factor authentication from Cisco’s Duo protects your applications by using a second source of validation, like a phone or token, to verify user identity before granting access. Duo is engineered to provide a simple, streamlined login experience for every user and application, and as a cloud-based solution, it integrates easily with your existing technology.
- Conduct an annual comprehensive risk assessment
This will help identify your cyber risk, just like you would identify crumbling foundation or fire hazards. But identifying risks doesn’t mean much without taking the next step—so be sure your risk assessment is followed by a detailed plan of action.
- Require security awareness training for all staff
Even with all the security risks out there, your weakest link is still your people. Teaching them the basics, and also building a culture of cybersecurity within your organization, will help to greatly reduce risk.
LA Networks will supplement your IT team to achieve your strategic initiatives or fill critical skill-set gaps with easy-to-use, flexible staffing models that provide the right support on demand. We will save you valuable time providing highly trained and certified engineers who can get to work right away. No need to worry about sourcing, recruiting, and retaining top talent. If your business is scaling or needs to find an expert team member with a critical skill, our expert engineers are a phone call away.
- Mandate secure remote access or VPN connections, or set up a Virtual Desktop Infrastructure (VDI)
With remote work here to stay, this is more important than ever. Using home networks or public WiFi networks can increase risk and exposure—but ensuring secure remote access can reduce this risk.
- All PCs must be equipped with antivirus software and it must be kept up to date
- Nearly every company has received targeted phishing emails that aim to trick an employee into granting funds or access to an external attacker.
LA Networks can assist you with advanced anti-phishing products, as well as validating your employees’ efficacy in identifying and responding to these sorts of attacks.
- Enforce endpoint protection, in the form of antivirus and anti-malware software, such as Cisco Secure Endpoint (formerly Cisco AMP)
This is a critical line of defense, as the monitoring of processes executing on the desktop can catch the untoward behaviors of ransomware or worms as they attempt to execute.
- The company network must be protected using a next generation firewall.
- Business data must be regularly backed up using external media or a secure cloud service.
LA Networks can help you build a backup process, or augment your existing one, to survive both unexpected disasters and ransomware attacks.
- User access rights and permissions must follow a secure provisioning process, and be constantly monitored for any changes or breaches in access privileges.
LA Networks will work with you to build a comprehensive approach to granting only the minimum required access rights to each of your users, and then alerting you to any attempts to circumvent these guardrails.