7 Steps to Understanding Your Cyber Insurance Needs

Posted on January 4, 2021 - by Jack Vines - in Building Your InfoSec Program

This guest post is from Measured Insurance, a Securicy partner.

Cyber insurance needs are becoming more critical for organizations of every size.

And cybersecurity has never been a higher priority for businesses across the globe. Remote work during the COVID-19 pandemic has increased cloud-based attacks by 630%, and the cost of cyber attacks is projected to reach $6 trillion in 2021. Now is the time to mitigate your risk and take action to protect your team and your business. You’ve likely tightened your security and refreshed your employee training, but if you don’t have up-to-date cyber insurance, your business is vulnerable.

Here are 7 steps you can take to understand your cyber insurance needs:

1. Assess your risk.

While cyber risk is often described as an attack or threat to your financial or personal information, a cyber attack can impact so much more. A data breach, ransom event, or even a phishing email can result in financial loss, loss of sales, and even damage to your brand’s reputation. If you’re just learning about cyber risk, it’s important to understand two key avenues that crime actors often exploit: email and employee mistakes. Reports show 94% of all malware is delivered via email and at least 37% of all breaches can be traced back to human errors.

Even if you already understand your cyber risk, the cyber threat landscape is constantly changing. Large corporations are complex, and even the most sophisticated IT teams are often no match for cyber criminals, who run each attack through their own complex network to find any vulnerability or security hole they can exploit. If you don’t already know your current, real-time risk, you need to assess it. A good cyber insurance partner will have the tools and systems in place to review your current vulnerabilities, deliver a regular report, and offer specific action items to improve your risk grade. They should also compare you against other organizations in your industry.

2. Review the differences between general liability insurance and cyber liability insurance.

General liability insurance, which most businesses carry, offers coverage for events that cause property damage or bodily injury arising from your building, product, service, or business operations. Some general liability policies cover a limited selection of cybersecurity events, but general liability will not offer enough in-depth coverage to recover from the impact of a cyber attack.

Cyber liability insurance is designed to cover risks related to the internet and information technology. This type of insurance product covers your business’ liability for specific cyber events such as ransomware or a data breach. 

3. Understand the cyber events that cyber liability insurance is designed to cover.

Cyber liability insurance typically covers common cyber attack events such as a data breach, malware attack, phishing attack, or ransomware, among others. 

Data Breach: The release of private or confidential information or data, intentionally or unintentionally, to an unauthorized third party. For many businesses, a data breach involves customer data, financial information, or insider knowledge.

Malware Attack: A crime actor embeds malicious software on your device, server, or network designed to create chaos and cause damage. A malware attack is typically delivered to a business environment via email or through domain-spoofing. 

Phishing Attack: Using social engineering tactics, a phishing attack is carried out with the singular goal of obtaining sensitive information or data through fraudulent electronic communication. Typically delivered through email or text messaging, phishing attacks are prevented through proper training and education. Phone calls, social media direct messages, and other communication forms are also used to trick employees into delivering sensitive information to unauthorized third parties claiming to be trusted sources.

Ransomware: A malware attack designed to encrypt important information or data and hold it for ransom. Many ransomware attacks claim they will release the information or data once the ransom is paid. Businesses that experience a ransomware attack are often locked out of their systems and experience other repercussions, such as loss of customer information, deleted files, and a pause in sales if a website is down.

4. Look for a cyber policy that goes beyond cyber event coverage.

Cyber liability insurance is built to cover specific cyber attacks such as a data breach, ransomware event, or phishing scheme. But to ensure you have the right coverage, it’s important to find a policy that covers all areas of your business that can be impacted by a cyber event: financial disruption, customer communication, regulatory fines, brand reputation, ransom, etc. 

If your business suffers a data breach, you may be faced with more than recovering information. It’s important to think through the entirety of the event and the long-term impact and financial cost. A data breach could pause your ability to complete sales (lost revenue) and require you to retain more legal counsel, communicate with customers or vendors, provide monitoring services as restitution to impacted parties, rebuild your brand’s reputation through increased public relations, etc. A single event spans several areas of your business and impacts each area financially. It’s critical to understand the true cost of each possible event and get the coverage that will help you get back to work faster.

5. Find cyber coverage to meet your specific needs.

There is no one-size-fits-all cyber liability policy for every business. The amount of coverage you need will depend greatly on your industry, revenue, and total number of employees. Beyond the initial specifications of your type of business and how much financial risk you carry, varying levels of cybersecurity hygiene and best practices will impact your coverage needs and policy terms.

Consider the following cybersecurity tools and best practices that may impact your policy terms: 

  • Security Procedures for Remote Desktop Protocol
  • Secure Email Gateway
  • Employee Awareness Training and Education 
  • Incident Response Plan 
  • Software Update Policies and Procedures

Updating your security policies and procedures can go a long way toward improving your security posture.

6. Get clear on what to expect from your cybersecurity insurance provider in the event of a cyber attack. 

As you research your options for cyber liability insurance, get the specifics on what to expect if you experience a cyber event. What level of involvement will your cybersecurity insurance provider have in the event? What does the claims process look like? What support will you receive? How long will you have access to your provider after the event? 

As you research and compare providers, get the details for a potential cyber attack:

  • Review the claims process—where do you submit a claim and what information will you need to include?
  • Understand how long it will take to hear from your provider once a claim is submitted—will you be waiting hours or days?
  • Find out the timeline to process a claim—how long will it take from the moment a cyber attack takes place to your expected restitution from your provider?
  • Get clear on the support you will receive from your provider—will they send in experts or offer technical help?

7. Choose a partner in cybersecurity. 

Selecting a cyber insurance provider shouldn’t be a daunting process. Look for the provider that will be your partner in cybersecurity. A provider invested in mitigating your risk is invested in keeping you safe, reducing your claims, and keeping your business running.

A true cybersecurity partner will offer:

  • Personalized risk assessments delivered regularly
  • Customized action steps to reduce risk
  • Expedited support with experts available 24/7

Like any other partner, you want to find a provider you trust. 

To assess your current risk and find out more about Measured Insurance, your partner in cybersecurity, visit measuredinsurance.com

About the author

Jack Vines is the founder and CEO of Measured Insurance, which is revolutionizing cyber liability coverage. Jack’s cybersecurity background spans both the public and private sectors. He was an Operations Officer at the Central Intelligence Agency (CIA), focusing on cybersecurity and data security operations, and at Microsoft. Before founding Measured, he worked at Verisk Analytics, developing data-driven analytics products for the world’s larger insurance carriers. Outside of Measured, Jack is an avid ski-mountaineer and mountain biker with a passion for extreme endurance sports.

Measured Insurance is revolutionizing cyber liability insurance by bridging the gap between technology and insurance, using analytics that track clients’ exposure in real time to create smarter insurance products tailored to the actual threats they face. With Measured, you can get your clients a fast, accurate cyber insurance quote that outlines the exact coverage they need in every area of cyber risk. Broker support is available with same-day response times (and multiple channels to connect: phone, email, online portal), direct underwriter access, and claims support 24/7 (processing starts immediately for a current customer claim).