I recently read an article about cyber insurance and it reinforced many of the concepts I try to convey on the topic. First and foremost: Cyber insurance is not a replacement for risk management and cyber security due diligence. That fact cannot be stressed enough.
Cyber insurance is intended to help you recover the monetary losses of a cyber attack or data breach as well as cover some of the cleanup costs (notifications, credit monitoring, fines, etc.). It cannot restore your reputation, make your customers return after leaving, or undo the damage that has been done.
The best way to ensure you are within the requirements of your cyber policy is to be knowledgeable, thorough, and truthful when you complete the application and to read the policy once it’s issued. It should state all the preventative measures you must have in place to successfully submit a claim after a breach.
As with any other insurance policy, or even a warranty, you will need to put in a reasonable effort to prevent negative things from happening. With cyber security that usually includes applying patches, updating software, employing anti-virus and firewalls, and using strong encryption where appropriate. Your policy may require more, though.
If you aren’t sure what your policy covers, ask your agent or broker. I recommend using an insurance broker who can work with you to determine the best coverage fit for your situation. Brokerages often have experts in several areas who can help you understand the coverages and risks in a way that online or discount insurance agencies don’t.
Cyber insurance policies support your business’s security program. They do not take the place of it. We advocate that you start with an overall risk management strategy and then use cyber insurance to transfer the risk where it can’t be reduced or eliminated.
Call or email us today to help you get started with your risk management strategy and see where cyber insurance fits in.