Cyber-attacks happen. And they are happening more frequently and leaving more damage in their wake. What can you do to minimize that impact?
One answer is cyber insurance. Cyber insurance is a good move for those that manage personal data and it is required for some due to contractual obligations. The cyber insurance market is gaining momentum and is anticipated to have a compound annual growth rate (CAGR) of 26.3% in the next 10 years to increase the industry to over $70 million according to a P&S Intelligence report.
While businesses are securing budget to invest in cyber insurance, they also have to consider the type of coverage. Organizations could choose from first-party insurance for the insured organization. There is also third-party coverage for liability for other parties affected by a data breach. Regardless, a company’s insurance rates are based on their security profile.
A Gartner Research Report indicates there are over 70 carriers offering some cyber coverage. A review of a number of these carriers’ policy applications show preferred qualifications for coverage. These applications all featured topics that included:
- Does the company have a formal risk assessment process that identifies critical assets, cyber security threats and vulnerabilities? Comments
- Does the company have an Incident Response Plan for determining the severity of a potential data security breach and a communication plan to promptly notify individuals who may be adversely affected by such exposures?
- Does the company have an intrusion detection solution that detects and alerts personnel responsible for reviewing malicious activity on the company network?
- Does the company perform reviews at least annually of the company’s third-party service providers to ensure that they adhere to company requirements for data protection? If they do, when was the last audit completed?
- Does the company require annual security awareness training for all personnel so they are aware of their responsibilities for protecting company information and systems?
- Does the company have executive approval for security policies and procedures?
The common theme in these questions is whether a business established their risk profile and if it is in practice throughout the organization and its partners.
If you are looking to apply for cyber insurance, and want to ensure your security policies and posture are reasonable and aligned, we can help. Let’s scope your needs.