As a business owner you need to have the mindset that it’s no longer “if” you get hacked but “when.” As the number of data breaches continues to increase, companies are turning to cyber liability insurance for more protection. Unfortunately, due to the number of cyber attacks and claims, cyber insurance firms are limiting payouts based on exceptions in the terms and conditions. Organizations that haven’t fully read the fine print and made efforts to prevent breaches are being denied their claims.
Keep a cyber insurance provider’s objective in mind: they are trying to prevent loss. Cyber insurance providers sit on the front line and have insight into the successful breaches that are happening long before studies and reports come out from IT data sources. Oftentimes the countermeasures they require are the exact prescription for protecting your company.
#1: Make sure you have the right coverage for your business.
Inadequate coverage could leave you holding the bag on some very expensive issues. Read through those terms and conditions to make sure everything you need is covered.
All businesses need coverage for:
- Breach Response
- Third-party lawsuits
- Ransomware Protection
- Cyber Extortion Protection
- Fraudulent payments and wire transfers
- Lost revenue from downtime and remediation
- Client and company data loss
- Loss from Social Engineering
- Crisis Management and Public Relations
#2: Implement a Data Breach Prevention Strategy
If your organization has made no attempt to prevent a breach, then your cyber liability insurance policy may not pay out. It’s important to show your company has made great efforts in securing its data and network. In legal terms, you have to prove that you have done your due diligence and are practicing due care.
According to the Open Systems Interconnection (OSI) model, these are the 7 layers of cybersecurity protection your business needs:
- Human – includes cybersecurity training for employees and web filtering that prevents visits to infected websites.
- Perimeter – includes next-generation firewall and asset management.
- Network – includes firmware updates to all switches and wireless access points, as well as physical security protection.
- Endpoint – includes endpoint detection and response, mobile device management and security information and event management (SIEM).
- Application – includes security patching for all software; all applications must have an active support agreement.
- Data – includes data encryption, multi-factor authentication, disaster recovery process and data backups. These systems must be checked before a disaster to ensure functionality.
- Mission-critical assets – includes Internet connectivity, servers, workstations, access to core business applications, and communications such as email and voice. For some businesses, these services must be available even during a disaster.
#3: Document your security efforts
Simply having security measures in place is not enough for insurance companies. They want to see the efforts you’ve made, which is why documentation is so critical. Your IT firm should provide you with technical business reviews on a regular basis that document the security of your network.
Another thing to keep in mind is real-time logging and alerts. These generate reports that can determine the severity and scope of a security incident.
#4: Ensure your third-party vendors are secure
In the healthcare industry, HIPAA compliance requires organizations to have business associate agreements. While cyber liability policies may not require this, it’s a great practice to have in place. This ensures you have an agreement with your third-party vendors to uphold the same cybersecurity measures.
#5: Report suspicious activity to your cyber liability insurance company ASAP
As soon as you detect suspicious behavior or a potential breach, reach out to your cyber insurance company. If you wait, they could deny your claim.
Be Confident You’ll Get Paid
If you’re concerned that your claim may be denied, then it’s time to take the proper precautions to ensure you’ll get a payout. We can help with this as we work with many Gulf Coast businesses. Book your discovery meeting with our in-house expert!
Phillip Long – CISSP, CEO of , along with his team of marketing and information technology experts, will walk you through an overview of what your business should be doing to protect your data and plan your digital marketing strategies.