Every business should dedicate time and resources to cybersecurity. Hackers are out there, in many cases far across the globe, and they’re on the prowl for vulnerable companies. These criminals typically strike at random — doing damage to not only a business’s ability to operate, but also its reputation.
One way to protect yourself, at least financially, is to invest in cyberinsurance. This type of coverage is designed to mitigate losses from a variety of incidents — including data breaches, business interruption and network damage. If you decide to buy a policy, here are five tips to help make the application process a little easier:
1. Be detail-oriented when filling out the paperwork. Insurers usually ask an applicant to complete a questionnaire to help them understand the risks facing the company in question. Answering the questionnaire fully and accurately may call for input from your leadership team, IT department and even third parties such as your cloud service provider. Take your time and be as thorough as possible. Missed questions or incomplete answers could result in denial of coverage or a longer-than-necessary approval time.
2. Establish (or fortify) a comprehensive cybersecurity program. Your business has a better chance of obtaining optimal coverage if you have a formal program that includes documented policies for best practices such as:
- Installing software updates and patches,
- Encrypting data,
- Using multifactor authentication, and
- Educating employees about ongoing cyberthreats.
Before applying for coverage, either establish such a program if you don’t have one or strengthen the one in place. Be sure to generate clear documentation about the program and all its features that you can show insurers.
3. Create and document a disaster recovery plan. An effective cybersecurity program can’t focus only on preventing negative incidents. It must also include a disaster recovery plan specifically focused on cyberthreats, so everyone knows what to do if something bad happens.
If your company has yet to create such a plan, establish and implement one before applying for cyberinsurance. Put it in writing so you can share it with insurers. Review your disaster recovery plan at least annually to ensure it’s up to date.
4. Prepare to be tested. Some insurers may want to test your company’s cyberdefenses with a “penetration test.” This is a simulated cyberattack on your systems designed to uncover weak points that hackers could exploit. Before applying for cyberinsurance, conduct a thorough assessment of your networks and, if necessary, train or upskill your employees to follow protocols and be wary of “phishing” schemes and other threats.
5. Consider a third-party assessment. To better uncover weaknesses that could result in a denial of coverage or unreasonably high premiums, you may want to engage a third-party consultant to assess your cybersecurity program, as well as your equipment, network and users. Doing so can be beneficial before applying for cyberinsurance because some IT security firms maintain relationships with insurers and can help streamline the application process.
Like most types of coverage, cyberinsurance is a risk-management measure worth exploring with your leadership team and professional advisors. Contact Andrews Hooper Pavlik PLC for help determining whether buying a policy is the right move and, if so, for assistance analyzing the costs involved and developing a budget.
© 2023 Thomson Reuters