Cyber threats are constantly changing, and should something cyber-related go wrong in your business, cyber insurance will help your organisation get back on its feet. You may require technical knowledge, for example, and a policy will minimise disruption to your business, provide financial protection during an incident and may help with any legal and regulatory actions after a cyber incident.
However, before you consider taking out cyber insurance, you can help protect your organisation by ensuring you have fundamental cybersecurity safeguards in place. Cyber insurance won’t solve all of your cybersecurity issues and it definitely won’t prevent a cyber breach or attack. For example, if you’re a homeowner with household insurance, you are expected to have adequate security measures in place. It’s no different in business: you would be expected to put certain controls and measures in place to protect your organisation.
It’s vital to look at cybersecurity as an integral part of your organisational risks, especially with remote workers being the norm. And remember, unlike incidents such as a fire or theft, cyber incidents are often not restricted to a single location.
A cyber incident can impact your business in a variety of ways. For example, ransomware could mean your IT systems or devices are unavailable, or you may lose data (or even your customers’ data) due to a virus or malware infection. It is important to build up a full understanding of how you would be impacted, and the effects this would have on your organisation. This includes the financial impact of business interruption and the associated costs of response and recovery.
There are a number of recognised cybersecurity schemes that demonstrate to your customers and suppliers that you take cybersecurity seriously. For this reason, they should be considered even if you don’t intend to take out cyber insurance.
Once you have identified the risks to your organisation, you’ll be able to fully understand what kind of cyber insurance policy is right for you.
Some insurance policies will not cover monies lost through business email compromise fraud. This is just one instance where a relatively common incident may not be covered by a standard cybersecurity policy. If business email compromise (for example) is a risk for you, you’ll need to check that the policy covers it.
Remember, cyber-attacks are evolving all of the time, and you might fall victim to a new type that may not have existed at the time the policy was taken out. You’ll need to find out from your insurer if you’d be covered if affected by a new type of cyber-attack that’s not consistent with your current policy.
It’s also worth asking whether the policy covers claims for compensation by third parties in the event of a cyber-attack, or if personal data is lost as a result of a data breach at your organisation (for example, if a customer’s personal data is lost).
Also ask what the limits of the policy are and whether they are appropriate for your organisation, and what services the insurer provides in the immediate response to an incident to help manage recovery and improve resilience. If the worst happens, you want to ensure that your organisation can learn from what went wrong and adapt to be stronger in the future.
If you do choose to take out cyber insurance, it doesn’t mean you no longer have to worry about cyber-attacks, but having good risk management will help you to make better, more informed decisions about your overall cybersecurity, and help you understand if cyber insurance should be part of it.
Get in touch if we can help you with any aspect of cyber security and risk management.
Date: November 16, 2020