Cyber Insurance – Before I Called The Insurer
This article is the third and the final article that explains about Cyber insurance for your business. So far we have examined what cyber insurance covers and what you should look out for. We have also explored some areas where you need to pay more attention to in part one and part two of this article. In today’s article of “Cyber Insurance – Before I Called The Insurer” we will explore in details on the buying process. What are you can expect for every dollar spent on cyber insurance premiums and what does the insurer expect of you.
What do insurance companies look for when deciding coverage?
An insurer is in the market to make a profit. They are not here to make insurance payout easily. That is why, insurers will prefer to insure low risks. Why? Low risk means lower claim rate and more savings of the insurer. All is not easy when it comes to cyber insurance. Why? There is no fix or proven method to deduce where an attack my come from. Secondly, the method of cyber-attack keeps changing with time. This means, as an insurer, you should be ready to absorb more risk and at the same time, encourage clients to follow certain best practices to reduce prevailing risks over time.
Your IT Security Setup
Most insurance companies that sells cyber insurance wants to see that an organization has assessed its vulnerability to cyber attacks. They prefer clients who have a certain SOPs and follows best practices. These best practices allow the insured business to enable defenses and controls to protect against cyber-attacks. Ongoing and continual risk reduction education program is encouraged. You can educate your employee to better understand what is a cyber-attack, how it affects the company and how they can play a part to protect the company assets. Seriously discuss important topics, especially phishing and social engineering.
When you in the market to purchase a cyber insurance, it will be useful (can help reduce your premiums) if you have performed an independent security assessments of your IT systems.
Your IT Security Tests
The bigger companies that has plenty of cash to splash tends to deploy threat intelligence and ethical hacking services to test the security setup of their IT systems. This process can be expensive indeed. These big companies are deploying ethical hacking methods not because they want to buy a cyber insurance policy, but, as a part of their IT systems security setup and maintenance program. If you are small company, financially it is impossible to deploy ethical hacking services to test your security setup.
Invest In IT Security Tools
What can we do next? To reduce our cost on premiums and on testing our IT system security, we can invest in some type of vulnerability assessment tool or engaging the services of a penetration tester. These approaches are much cheaper to implement. Having continual program to monitor and test network defenses can go a long way toward improving your IT security while negotiating cyber insurance.
Your Security Audit Logs
As part of cyber insurance buying process, do not be surprised if your insurer request for an audit of your organization’s processes and governance. This can be one of the pre-condition of coverage.
What happens if you do not have a proper security setup or audit systems in place? The insurer may agree to provide coverage but at lower sum assured or he may load the premiums (more expensive) or he may decline your risk and not offer you a cyber insurance cover.
Why do your company still need cyber insurance?
Does your company store and maintains customer information? Do you collect online payment information? Do you use the cloud services? If you have answered YES to one of the three questions, definitely you should consider adding cyber insurance to your yearly company budget.
Just because you can be running a small business does not mean you are excused or immune from cyber-attacks. In fact, attacks against all business are increasing. Symantec found that over 30 percent of phishing attacks in 2015 were targeted at companies with less than 250 employees. Their 2016 Internet Security Threat Report indicated that 43 percent were targeted at small businesses in the year 2015. Globally on average the loss from cyber crime was between $375 billion and $575 billion.
No business is safe from Cyber-attack as long as you use any form of internet device or electronic communication device. We saw the amount being lost to cyber-attack annually, can you risk that amount of money? Cyber insurance is necessary evil to defray the costs for what very well may occur.
How Much Does Cyber Insurance Cost?
Generally, cyber insurance can cost you anything between $800 on-wards. Depending on the nature of your business and the associated business risks, your premiums may vary. If you are running a jewelry business or if your yearly earning revenues are high, then expect your cyber insurance premiums to be high as well.
Before calling your agent for a cyber insurance policy
Do your homework. If you have read part one and part two of this article, you will have a clear understanding of what to expect for in your cyber insurance policy. As you go comparing the different cyber insurance policies in the market, you should also set time to create a cyber risk profile for your company. You may also consider creating a list of expenses you want to have covered in the event of an incident. Now you are in better position to determine an estimate for third-party costs.
Take advantage of the online tools available to you. For example, many insurers provide an insurance calculator on their websites. Usually these online insurance calculator tools help create a list of coverage and estimate costs.
Finally, your Cyber Insurance Policy!
Now, when you know the average premium cost, when you know what are the coverage provided and what are the insurers requirements, now you are ready to meet few of your preferred insurers to discuss in detail. This process can be fun when you have information in hand, so good luck in your hunt for the best cyber insurance policy!