In the past couple of years we have all heard about the rise in cyber attacks. We are even to a point where we are seeing cyber attack ads while watching our favorite YouTube channels. Companies like HP are serving us ads telling us that the number of cyber attacks has risen by 600%.
It has left everyone on edge, wondering how best to tackle the cyber needs of their company.
As those companies learn about all the cyber security tactics they must use to protect themselves, they find one of the most important is Cyber Insurance.
As with any insurance, our hope as a business owner is that if we pay a monthly premium, we will be covered if anything happens.
And rightfully so, that is what we all expect from the insurance premiums we pay. The problem is, Cyber Insurance is not that cut and dry.
What is Cyber Insurance and Why Do You Need It
Simply put, Cyber Insurance is a type of insurance for internet based threats. Cyber insurance policies generally include losses from theft, malware, hacking, extortion, or security breaches that result in lawsuits.
Getting a Cyber Insurance policy can be a lengthy process, but the time spent is worth it. Cyber Insurance is like all other forms of insurance; life, health, automobile, it gives you peace of mind.
And as part of your Cyber Security Program, it is necessary to mitigate the extent of loss and downtime your company may experience if hit by a cyber attack.
If I Have Cyber Insurance Am I Covered For All Cyber Incidents?
While Cyber Insurance is a form of insurance like your life, health and automobile insurance, cyber insurance is not always as obvious as other types of insurance.
It is important to know what type of cyber insurance coverage you need based on your particular business and industry.
And you need to know the risks that make you vulnerable and the best way to determine that is with a Cyber Security program.
Cyber Insurance – Part of Your Cyber Security Program
It is important to have a Cyber Security Program in place to make sure you have a cyber insurance policy that covers your business needs.
In the past, a company could get a cyber insurance policy in place by answering a questionnaire. Unfortunately, these questionnaires are often filled out incorrectly, and when a claim is made, it is denied.
This happens when, for example, the questionnaire asks if you have regular backups, you state yes, a breach happens, and it is identified that the backups have not been backed up in over a year. In that case, your claim would be denied.
Problems like this can be alleviated if you have an up to date Cyber Security Program in place.
What Is A Cyber Security Program and What Should It Include?
Look at your Cyber Security Program as your blueprint or roadmap of your security management practices.
Start by documenting the following areas:
- How prepared are you for a cyber attack
- State any attacks that you have found and resolved
- The steps you took to fix the attack
- The vulnerabilities you found that allowed the attack in the first place
- The measures you took to make sure these attacks will not happen again
Once you have these areas documented, make a list of the specific cyber security measures you have in place right now.
I say “right now” because it is extremely important for the Cyber Insurance questionnaire that you list the items you have in place at the time of filling out the questionnaire. If you list something that you end up not having and are breached, you will not be covered.
The following are typical items you should list in your Cyber Security Program:
- Data Backup and Recovery
- Employee Awareness Training
- Multi-factor Authentication
- 24/7 Monitoring
- Patch Management
You will want to go into detail about each item. For example the type of data backup, the redundancy of the backup, where it is stored and the frequency in which it is backed up.
Once you have these items in your Cyber Security Program it will make it easier to get Cyber Insurance because most insurance companies want to see these items to write a policy.
The problem is, many companies have outdated or non-existent cyber security programs in place and have no idea how to update or implement one.
A cyber security program is part of the services provided by Managed Service Providers(MSPs) like Attain Technology. MSPs work closely with you to make sure you have the documentation and tools in place.
A Solid Cyber Security Program
Cyber Insurance is best looked at like a part of your Cyber Security Program. Think of it as one of the tools in your toolbox. The Cyber Security Program being the tool box itself, and the cyber insurance, data backup and recovery, employee awareness training, multi factor authentication, 24/7 monitoring, and patch management as the tools in the toolbox.
The toolbox and tools give you multiple ways to protect yourself and prevent an attack from keeping you offline and unable to work for weeks or even months.
Having A Hard Time Putting Together Your Cyber Security Program?
Attain Technology has been helping construction companies since 2008 by implementing IT Services and Cyber Security that works best for your particular needs. We do not sell you things you don’t need. We focus on giving you what you need to increase productivity and keep you safe from hackers, ransomware, and security threats.