Businesses of every size and in every sector are at risk from growing cyber threats—those are just the facts. With awareness of the danger growing, more and more companies are looking at ways to protect themselves when they’re hit with a malware attack or data breach (and I do mean when, not if), which is sensible.
However, some might think the first step is to take out a cyber insurance policy to guard against the financial fallout from a successful cyberattack, and then figure out what security steps they should be taking to keep their network and data safe from hackers.
Unfortunately, that process is backwards.
The reality is that unless your organization has comprehensive cybersecurity controls, policies, procedures and plans in place, you’re not even going to qualify for a cyber insurance policy. Insurance companies aren’t in the business of underwriting reckless behavior. Your insurance application is going to include hard questions about your current cybersecurity maturity, and you’ll need to answer them truthfully to obtain valid coverage.
Want a sense of what major insurers are looking for? Here’s a glimpse of what you can expect.
Cyber Insurance Underwriting Questions You’re Likely to See
An insurance application is designed to gather the information necessary to underwrite a given risk. For a cyber insurance policy, that means questions focused on policies, procedures, supporting evidence, incident response plans, and other aspects of your current cybersecurity stance. These include (but aren’t limited to):
- Do you have up-to-date, active firewall technology in place?
- Are all computers, networks, and mobile devices equipped with up-to-date, active antivirus software?
- Do you have a process in place to regularly download and install software patches?
- Do you have established backup and recovery procedures for business and customer data?
- Do you have an established incident response plan for dealing with a network intrusion?
- In the event of a computer system disruption, do you have a disaster recovery/business continuity plan?
- Do you have procedures to ensure that any of your service providers who have access to your systems or confidential information have adequate network security controls in place?
- Do you have multifactor authentication in place for remote access to email, remote network access, and administrative access?
- Are you currently compliant with applicable standards such as PCI-DSS, HIPAA, etc.?
- Do you encrypt private or sensitive data in your database or network, while in transit in electronic form, on mobile devices, on employee-owned devices, and while in the control of third-party service providers?
Additionally, your potential insurer will ask about any losses your business has previously suffered from a breach. For example, they’ll want to know if you’ve previously had a network or computer system disruption (either from an attack or system failure), if you’ve suffered a data breach, or if you’ve been the victim of ransomware. They’ll also request information on claims, complaints, or litigation you’ve been involved in relating to cybersecurity issues, with all relevant details.
Sound like a lot? It is!
But this is how insurance companies do their due diligence to make sure you’re doing yours.
Honest Answers Only!
It may be tempting to answer these questions with what you think insurers want to hear. After all, maybe you’re working on improving your cybersecurity but you just haven’t had the chance to get everything squared away yet.
I’ve got one word for that—DON’T.
False information on an insurance application isn’t just a reason for an insurer to deny a claim. In numerous jurisdictions in the US and its territories, knowingly providing false information on an insurance application can lead to civil or even criminal penalties – up to and including prison time! Those optimistic answers could turn into a fraudulent time bomb at the worst possible moment for you and your business, so don’t guess or take any chances!
The easy way to genuinely protect your business and satisfy your insurer is to call in the experts at Petronella Technology Group, Inc. (PTG). We can address all the cybersecurity and compliance requirements you need to have in place to get coverage, with processes, procedures, and security solutions designed for the unique needs of your business. Our patented 22-layer cybersecurity stack, over 100 years’ combined experience, certified expertise, and innovation keep us—and you—ahead of today’s cybercriminals.
To find out how PTG can get you the protection you need, contact us to schedule a free consultation now.