Cyber Insurance Readiness – Prepare For A Cyber Security Audit!
Summary: Did you know that cyber insurance companies expect certain cyber defenses and cyber security best practices to be in place prior to writing your policy? They do their own cyber risk analysis before approving cyber insurance coverage for your SMB. Learn the cyber insurance requirements.
Cybercrime is running rampant all over the world. It is estimated that hundreds of people fall victim to cyberattacks every hour. As the volume of crimes continues to grow, so does the cost of recovering from them. For SMBs, cyberattacks can have devastating consequences. Studies have shown that over 60% of SMBs do not recover from significant security breaches and go out of business within six months of an attack.
Ironically, SMBs don’t always believe they need to worry about cyber security. They mistakenly think that they are too small for hackers to care about. It is that attitude that has led to the downfall of many small businesses. If your company has inadequate cyber protections, cybercriminals will eventually find an opportunity to attack it.
Enter cyber insurance. Businesses now have many options for getting insurance to help mitigate the costs associated with cybercrime incidents. However, it is essential to note that there are significant differences in how traditional insurance and cyber insurance are structured:
- 12-Month Policies – Because the cybercrime target landscape continues to grow and evolve, cyber insurance only covers a period of 12 months. That way, insurance companies can make modifications in coverage upon renewal.
- Requirements for Coverage – In tandem with the growth of cybercrime and the creation of new attack methods, insurance companies can add requirements every time a policy is renewed. Factors such as the level of security in place, whether software is up to date, the existence of cyber security policies and the robustness of security infrastructure are considered. To ensure that you remain eligible for policy renewal, your IT staff or a reputable network security solutions company can assist you in your cyber insurance readiness.
- Long Application Process – Most cyber insurance applications and renewals include a 60-day exploratory process during which the insurance company does its due diligence by performing a detailed evaluation of your company’s cyber security posture. The good news is that during that period, companies can proactively add layers of protection so that if they are initially rejected, they can reapply promptly.
Requirements for Cyber Insurance Coverage
Although every insurer has specific requirements for coverage, here are a few of the most common conditions:
- Multi-Factor Authentication (MFA) – MFA is a standard frontline defense against stolen credentials. MFA requires at least one additional factor beyond a strong password. For MFA to be most effective, it should be in place for all your SMB users across their email accounts, devices and VPNs. Failure to follow MFA best practices will disqualify your company from cyber insurance.
- Business Continuity and Disaster Recovery (BCDR) – BCDR plans are important to insurers. They describe what actions your business will take in the event of a cyberattack to mitigate, stop and recover from a breach. Your BCDR plans must be specific about how your company intends to respond to data loss, ransomware, outages and other consequences of cyber theft. BCDR plans must be evaluated regularly to ensure their effectiveness.
- Robust Cloud Data Backup – By backing up your business data to a cloud server, you increase the chances of a seamless recovery of your data in the event of a cybercrime. Cloud backup to a remote server can reduce downtime and restore full operational functionality to your SMB as quickly as possible.
- Superior Endpoint Detection and Response (EDR) – To hackers, all connected devices are potentially vulnerable endpoints. EDR software can provide comprehensive surveillance of your SMB’s endpoint devices in order to detect threats. EDR software will add security that, in tandem with other protections, can help your company qualify for cyber insurance.
- Removing Employees and Their Permissions When They Leave – It is vital that when employees are terminated or leave their jobs voluntarily, their accounts, credentials and permissions are removed from your business’s network and platforms. Lingering accounts of past employees are “loose ends” that can give insurance companies the impression that you are less diligent about cyber security.
- An In-House Incident Response Team – Insurance companies love it when SMBs have dedicated teams that know their computer system infrastructure and how all their security components work together. Having some trained key players who know what to do in the event of a data breach increases your SMB's chances of mitigating the damage and keeping your business up and running.
- Security Training and Best Practices – Standardized, ongoing employee training in cyber security best practices is important to a potential cyber insurer. Security only works when employees are trained regularly and everyone is on the same page.
The dramatic increase in cyberattacks and their devastating consequences has left companies no choice but to purchase a cyber insurance policy. To be approved for a policy, prepare your business in advance, and do not wait until your SMB is attacked. Avoiding the catastrophic effects of a cyberattack is well worth the time and money required to do it right and protect your company’s hard-earned data.