Specialized insurance a cybersecurity must-have in today’s world
Maybe you saw it on the news: a computer system used by St. Louis County to look up court cases, issue charges and process people in jail custody was shut down this month by a cyber attack. We see something similar in the news almost every day. Another company, government entity, utility or business is hit with a cyber attack, interrupting business and resulting in losses in credibility and dollars.
As cyber criminals get more inventive and brazen, businesses can no longer rely solely on firewalls and savvy employees thwarting phishing attempts to prevent damage from cyber attacks and ransomware. During the upcoming National Cybersecurity Awareness Month in October, experts nationwide will share details on existing and emerging threats and how to defend against cyber attacks.
But there’s one tool many businesses are finding invaluable for their cyber-defense arsenal: cyber liability insurance. For many, it’s no longer a nice-to-have service. It’s a must-have shield against costly losses and damages and a vital tool for recovery and resilience.
What is it? Cyber liability insurance is a special type of insurance policy that protects businesses from the expenses incurred due to a cyber attack and supports them in response and recovery efforts. Depending on the policy, this type of insurance can cover data breaches (including theft of personal or client information or stolen or damaged intellectual property); attacks on data held by vendors and other third parties; breaches of your own network; cyber attacks that occur inside and outside the U.S.; and terrorist acts. Insurance policies are typically tailored to the needs of the business.
“Most importantly, cyber liability coverage provides access to experts in various fields to stop incidents in their tracks, defend against liability issues, and minimize impact to a business,” said ATB partner Bob Degnan. Degnan is vice president and executive risk manager for the Executive Risk & Cyber Practice unit of the Marsh McLennan Agency.
“Broadly, the liability portion indemnifies the organization and individuals for damages and claim expenses, as well as certain penalties and fines, if there is a suit, regulatory proceeding, or the organization is subject to PCI fines as a result of a data breach or security event,” Degnan said.
Crisis response and recovery is a key part of a solid cyber liability insurance plan. When a cyber event happens, a portion of the policy known as breach response kicks in.
“This part of the policy provides for attorneys, security experts, forensic investigators, notification expenses, credit monitoring, call center expenses, and PR expenses,” Degnan explained. “Other first-party loss coverages will reimburse for the big items often heard about in the news (ransomware, data restoration, business interruption, etc.). While the coverage to offset loss from a first-party loss is impactful, one of the biggest merits of the cyber policy is the breach response providing immediate and insured access to subject experts and professionals to help make sure an already bad situation does not get worse.”
Securing a cyber liability insurance policy requires some due diligence on the part of the business seeking coverage. In addition to submitting application data sets for carrier consideration, companies must demonstrate they have put in place certain controls to defend against cyber attacks.
“There are certain controls that are considered ‘core’ items for carriers to provide a quote,” Degnan said. “These would include multi-factor authentication, endpoint detection and response, backup practices (secured, encrypted, tested), email and web filtering, patch management, and employee testing and training.”
Other controls will likely be required. For example, some policies are now requesting additional security tools like zero trust and SIEM (security information and event management) be deployed within the environment as well. The targets will continue to change as insurance companies work to mitigate their own risk.
“Other items that will affect the success of a policy placement are the industry segment of the proposed insured and the state of the market determining how aggressive or conservative underwriters may be for writing new business,” Degnan added.
Wading through what to look for in a solid cyber liability insurance plan and determining what works best for your business can be a daunting task. If the prospect sounds overwhelming, ATB Technologies can help you sort through your options and ensure you are well positioned to secure an insurance policy. In addition to cybersecurity consulting, ATB’s cybersecurity support includes tools like AI-based endpoint detection and response, multi-factor authentication, disaster recovery, employee cyber training, zero trust and SIEM solutions, among others. Our IT experts can help you develop a solid business plan for protecting your people, property and privacy. Find out more and reach out today at http://atb-tech.com.