Cyber Insurance Checklist for Small and Medium-Sized Businesses

Aug 30, 2023 | Ihloom General

The concept of the computer is more than 200 years old, but functional computers have only existed for a few decades. Today, information technology and computers are a critical part of business operations. In fact, all businesses today are technology businesses; even pizza shops cannot run without their technology.

Part of making sure a business is secure and resilient is ensuring its risks have been considered and properly mitigated. Can your business survive if its IT systems become unavailable or lost? Cyber insurance is an important part of those protections and you can get started with a cyber insurance coverage checklist.

Keep reading and learn more about what you should look for in cyber insurance coverage.


#1 – Understand your risk by establishing your risk profile

Insurance premiums and proper insurance coverage are heavily influenced by your organization’s risk exposure.

As part of the insurance vetting process you will first need to determine what kind of coverage you will need (there are lots of options) and you will be asked to supply details about your business that help underwriters analyze your risk profile and set your rates.

First, ask yourself: why am I getting insurance? Reasons may include protecting yourself as a business owner, protecting your business, its staff and its operational resilience, or even satisfying a customer contract. To help make the best decisions, you should start gathering relevant data beforehand and consider performing a risk assessment to understand your risk profile and vulnerabilities. If you are unsure what details to gather or how to perform a risk assessment, reach out to a reputable insurance broker or start a conversation with a certified security professional.

#2 – Determine what coverage is needed and what you can afford

Once you understand your organization’s risk exposure, capabilities, security measures, and purpose for coverage, you can identify the types of coverage you will need. See Cybersecurity Insurance: The Quick Guide to learn more about the types of coverage available.

In parallel to identifying the types of coverage you will need, you will also want to identify your security insurance budget. Keep in mind that cyber insurance premiums for small businesses can run anywhere from a few hundred to thousands of dollars per year, depending on your risk profile, coverage level, and other factors.

#3 – Get quotes

Different underwriters will offer different premiums and terms. If your risk profile is high or you have other reasons to suspect that your premiums will be on the higher end, it may make sense to get several quotes from different providers. Insurance brokers can help streamline this process.

#4 – Fine-tune coverage and terms

You may come to a point where it’s difficult to choose the right kind of coverage. It may be difficult to factor in your budget, the type of coverage you need, the insurer, and so on. Understanding your business needs will help guide your decisions. For example, if the primary reason for coverage is to satisfy a new customer contract, figure out the minimum requirements for that contract and start from there. If your primary focus is on business operations and continuity, and your assessment has found weaknesses in your data backup systems, it may be better to invest some of your budget into enhanced security controls first. Insurance coverage cannot restore your data if it’s lost, so ensuring good backups and recovery systems may be a priority.

Before making a final decision or selecting a policy, here are some things you may want to consider:

Broad Exclusions

Broad exclusions in cyber insurance refer to categories of risks or events that are typically not covered by cyber insurance policies. These should be one of the first things you look out for. These exclusions can easily be missed if you aren’t paying attention.

Broad exclusions can keep you from benefiting from the coverage you thought you had and cause you to lose out on insurance claims. Broad exclusions can include prior knowledge, wear and tear, unencrypted data, war and terrorism, and contract liability exclusions. Understanding the purpose for your coverage and the types of risks you’re trying to cover will help you evaluate what exclusions you’re willing to tolerate.

Panel or Consent Provisions

Panel or consent provisions in cyber insurance are clauses within the policy that require the insured to obtain consent or approval from the insurance provider before taking certain actions or engaging specific parties related to a cyber incident. These provisions are put in place to ensure that the insurance provider has control and oversight over key decisions and actions taken during the claims process. These types of provisions may be OK for smaller or simpler businesses, but may prove difficult to honor for most larger, sophisticated businesses.

Retroactive Coverage

Retroactive coverage, also known as prior acts coverage, is found in some cyber insurance policies and provides coverage for claims related to cyber incidents that occurred before the policy’s effective date. It essentially extends the coverage back in time to include incidents that took place prior to the policy’s inception.

Retroactive coverage isn’t always included, but it can help if you get a coverage plan with it. It can make any risky recent events much less stressful for your business.

Vendor Coverage

If you have vendors that may also be at risk, covering them can be beneficial. Not all insurance plans do this. You’ll have to go out of your way to specifically look for plans with this option if this is an important component of protecting your business.

Know Your Regulation and Compliance Responsibilities

Your regulation and compliance responsibilities need to be well understood. There may be requirements beyond what insurance providers expect. Compliance with those standards may also help lower your insurance premiums. Certified security and compliance vendors can help you better understand those requirements.

You May Need to Modify Your Cyber Security Strategy

In some cases you may discover you need to improve your cyber security posture before you’re eligible for the coverage you need at a reasonable rate. Performing an assessment beforehand will help identify these issues in advance. Investing in basic cybersecurity protections, such as enabling multi-factor authentication (MFA), data encryption or automated patching, will help protect your business and will help you qualify for coverage.


Cyber insurance coverage starts with understanding your business requirements, assessing your business risks and working with qualified professionals to understand your risk and coverage options. Using a checklist is a great way to get started.

Are you ready to learn more about protecting your data? Check out our services and see how we can help.
