Does your business have cyber insurance?
If not, then you need to acquire this type of insurance immediately. Cyber insurance is so much more than simply providing the money necessary to pay criminals in Bitcoin. Cyber insurance is a specialty insurance product intended to insure against internet-based risks and, more generally, against risks relating to information technology infrastructure, information privacy, information governance liability and other connected activities. Threat actors of all sizes, ranging from sole individuals to nation states, are a real and present danger to everyone.
Regardless of an organization's IT or security budget, no company or person can guarantee that a loss of data or security breach will never occur. Every security expert will tell you that perfect data protection cannot be achieved. The world does not have a set of cybersecurity services that protects against all cyber threats. All of your vendors and your organization should agree to maintain cyber insurance to protect against attacks, breaches, exfiltration, denial-of-service, encryption or data loss to their respective companies, including data located at third-party providers.
Cyber-related risks are typically excluded from traditional commercial general liability policies or at least are not specifically defined in traditional insurance products. Any electronic information such as a person's name, email, contact number, financial records, medical records, payment information, government documentation, etc., stored in any device can be exploited, hacked or compromised in one or more ways. Coverage provided by cyber insurance policies may include first-party coverage against losses such as data destruction, data recreation, extortion, theft, hacking and denial of service attacks, plus liability coverage indemnifying companies for losses to others caused, for example, by errors and omissions, failure to safeguard data or defamation.
Other cyber insurance benefits may include funds for security audits, post-incident public relations, legal, forensic, investigative expenses, criminal ransom or criminal reward. Of course, the coverage specifics including policy limits and deductibles will be unique according to the risk tolerances, regulatory compliance, and other factors as determined by the policy and your firm's needs.
We've seen cyber and ransomware insurance applications grow from one to two pages of questions to as many as 25 pages during just the past three years, because insurance companies have become more experienced at determining which combinations of security tools and practices provide the greatest level of protection. For instance, access to your network, email and applications should be protected by two-factor authentication. Your computers should be protected by advanced endpoint detection and response, which is a far more intelligent version of the core antivirus software you are probably using now.
Ideally, your computers will use application whitelisting, which identifies the programs that are trusted to run on your computer and, therefore, denies all other applications, such as ransomware or commercial software that has not been approved. Failure to have these types of protection will result in your policy application either being denied or being rated at a higher premium and a lower coverage amount.
Rates for cyber insurance have increased for every client we have in a very wide variety of regulated and nonregulated industries. We have security layers too vast to mention here, and yet our insurance rates have increased over 800 percent in just the past four years. If you do not have this type of coverage or your rate has not increased, then the insurance you have may not protect you when needed, because you are most likely misinterpreting the questions on the application. The goal is not to answer the questions so that your application is approved, but instead, the goal is to answer the questions accurately so you understand your cyber risk correctly and the insurance company will pay the claim when an attack occurs.
Do not assume your business is well protected because you have not had an attack or you have no evidence of an attack. Contact a competent IT firm for a cyber security assessment.
For more information, visit www.omnipotech.com or call (281) 768-4308.