Cybersecurity Insurance – Seven Common Insurance Requirements


In our last Cybersecurity Newsletter, we learned that, according to the SANS Institute, financial institutions experienced a 153% increase in breaches driven by phishing and credential theft, and retailers saw a 120% uptick in attacks targeting customer databases and point-of-sale systems this year compared to last year (2023). Every year, more companies find out firsthand how damaging a cyber breach can be. As a result, organizations are implementing cybersecurity solutions that address different attack vectors in order to reduce the probability of a breach.

In this month’s Cybersecurity Newsletter, we will look at Cyber liability insurance.

Cyber Liability Insurance – What is it and what does it cover?

Besides having a well-thought-out cybersecurity solution in place, organizations should also have a cyber liability insurance policy to help recover from the financial losses that result from an attack. Cyber insurance can help businesses recover from losses due to cyberattacks, including damaged equipment (servers, computers, etc.), lost income, and legal expenses. It can also help with crisis management, public relations, and notifying customers of a data breach.

As security breaches get costlier and cybercrime becomes more common, getting cyber liability insurance can be more complicated than it used to be. As a result, many insurers have stringent requirements that organizations must follow. Some insurance underwriters may set lower caps on payouts and impose certain conditions that organizations must meet.

Providers may conduct a cybersecurity risk assessment to determine whether the organization qualifies for cyber insurance. Many cyber liability insurance providers also require that organizations implement specific systems and solutions as preventive measures. While the exact requirements depend on the nature of the business, the following are the most common cyber insurance requirements.


Examples of the Most Common Cyber Insurance Requirements

  • Multifactor Authentication (MFA) – Multifactor authentication is a security control that requires more than one method of verifying a user’s identity; when exactly two are used, it is also known as two-factor authentication. It reduces the risk of unauthorized access: an attacker might be able to steal a user’s password, but with MFA they would still need the second factor to gain access to the system. Insurance providers want to confirm that your organization uses MFA across your workforce.

  • Security controls: Strong security controls make it extremely difficult for bad actors to breach your organization’s internal networks and gain access to your data. Most insurers want to know the state of your security controls. These controls include protection against internal threats, such as malicious or compromised insiders, former employees, and carelessness, as well as against external attackers.

  • Incident response plan: An incident response plan is a set of written instructions that outlines the organization’s response to a cybersecurity event such as a data breach, cyberattack, or other security incident. It spells out the steps your organization should take if and when a cyber event occurs.

  • Security awareness training: As we all know, the human element is the weakest link in cybersecurity. By raising awareness of cybersecurity threats and best practices, organizations help their employees stay educated on the latest threat landscape and make informed decisions when using technology. A good cybersecurity training policy ensures employees are up to date on security threats and procedures.

  • Identity and Access Management: Employees need access to the organization’s systems and information to do their jobs. However, it is equally important to ensure that people can access only the systems and data they actually need for their role. Implementing the principle of least privilege (PoLP), for example, limits each user’s access to only what is required to perform their job.

  • Data backups and encryption: A robust, encrypted data backup system can significantly lower your risk and help you recover from a data breach. The 3-2-1 backup strategy is still widely used and is considered a cornerstone of data protection. Simply put, it means keeping three copies of your data, on two different media types, with at least one copy stored offsite. Encryption protects your data by converting it into an unreadable format that can only be read with the decryption key or password. A good backup system with encryption can reduce cybersecurity insurance premiums.

  • Patch management: Patch. Update. Repeat. Patch management is very important when it comes to cybersecurity. Patches fix vulnerabilities in your software and applications that would otherwise be exploitable in a cyberattack. Patch management also keeps your software and applications up to date and running smoothly, which in turn supports uptime. Most policies contain exclusions for losses tied to a failure to apply necessary security updates within a reasonable period of time.


Having cyber insurance is important, and meeting its requirements is just as important. While the requirements above are common, check with your cyber liability insurance provider for their specific requirements. If you have already purchased cyber insurance, take a look at your policy to make sure your organization is meeting those requirements.


Need help with any of the above? Please reach out to your trusted advisor at BSB Communications.

#Cyberinsurance #Cybersecurity #MFA #Informationsecurity #Patchmanagement #Securityawareness #goBSB
