Businesses worldwide are feeling the pressure to safeguard their data, employees, and clients from evolving cyber threats. With more than 155 million records exposed annually and over 1,000 data breaches in 2020, it’s safe to say that businesses are more at risk than ever.
One way organizations curb this risk is by getting cyber insurance coverage. To apply for the coverage, most insurance companies require the applicant to fill out a cyber insurance coverage checklist. This may be a requirement at renewal as well.
Designed to address an organization’s regulatory compliance, privacy training, and insurance, cyber liability insurance is generally used for two reasons:
- To meet contractual requirements
- To have a safety net should a data breach occur
To show how business leaders are protecting their organizations, this article covers the need-to-know policy requirements that we’ve found are included in every cyber insurance coverage checklist.
Common Cyber Security and Compliance Exposures
Before diving into how to protect your business from cyber attacks, it’s important to understand the obligations your business may be liable for. Regardless of whether you’re a small or large business, data breaches are one of the most catastrophic events that a company can endure, often causing:
- Revenue loss
- Incurred legal fees
- Public relations expenses
- Equipment damage
- And more
Why Businesses Need a Cyber Insurance Coverage Checklist
Liability insurance is a risk management tool that businesses of all sizes can use.
In the case of small businesses, cyber insurance coverage means having the ability to guard your business from the negative results of a malicious cyber security attack without much deviation from general liability policy.
For small to large businesses, cyber insurance generally covers a broader scope of benefits, such as:
- Legal support
- Cyber extortion defense
- Forensic analysis support
- Reimbursement coverage for business interruptions
- Coverage that goes beyond general liability insurance
Businesses can start by reviewing a cyber insurance coverage checklist to understand what they will need to do to obtain affordable cyber insurance. That insurance safeguards their organization from the evolving cyber threats that inevitably surround every business that wishes to remain competitive in our digital age. If this checklist is hard to understand, we’d be happy to schedule time to review it with you.
What’s Included In a Cyber Insurance Coverage Checklist?
When companies want cyber insurance, they fill out a cyber insurance coverage checklist.
Sent from the insurance company to potential insurees, a cyber insurance coverage checklist serves as an information gathering tool for underwriters from IT insurance companies.
Generally, this coverage checklist provides cyber insurers answers to whether you’re doing anything cybersecurity related along with the generalized services and solutions you may or may not support.
Depending on the cyber insurance coverage policy requirements and your answers, your business may not be approved for coverage, may gain coverage at a higher rate, or may have to complete a few things before coverage can be approved (such as installing an anti-virus).
Additional information often addressed in a cyber insurance coverage checklist includes:
Individuals within the organization that are responsible for an application’s network security must provide personal information to supplement the applicant’s security controls.
Generally, this includes providing information such as your name, title, phone number, email address, IT security designations, and answering other questions like how many IT personnel are on your team or if network security is managed in-house or outsourced.
Email Security Controls
Web email is the third most commonly used attack vector of cybercriminals. Why? Sometimes an organization’s weakest points lie in its employees’ lack of training.
There’s a reason why phishing attacks are common amongst fast-growing organizations. To better understand how your organization is addressing this risk and closing loopholes in its email security controls, the insurance company will ask the following:
- “Have you implemented the Sender Policy Framework (SPF)?”
- “Have you implemented DomainKeys Identified Mail (DKIM)?”
- “Do you pre-screen emails for potential malicious attachments and links?”
- “Do you tag external emails to alert employees that the message originated outside the organization?”
- “Have you implemented Domain-based Message Authentication, Reporting, and Conformance (DMARC)?”
Internal Security Controls
An internal control framework helps organizations outline their control environment, monitoring, information and collaboration, and risk assessment. With that in mind, insurance companies will want to know the following:
- “Do you use protective DNS services?”
- “Do you allow remote access to your network?”
- “Do you use MFA to protect access to privileged user accounts?”
- “Do you use endpoint application isolation and containment technology on all endpoints?”
- “Do you use a next-generation antivirus (NGAV) product to protect your organization’s endpoints?”
Backup and Recovery Policies
Data backup and recovery policies help ensure organizations are going the extra mile to protect their uptime, productivity, efficiency, and reputation. By answering the following questions positively, organizations can reduce the cost of cybersecurity insurance:
- “Do you use a data backup solution?”
- “How frequently does your data backup solution run?”
- “What’s the estimated remediation time for ransomware attacks?”
- “Do you utilize MFA to restrict access to your backups?”
- “Have you tested the successful restoration and recovery of key server configurations and data from backups in the last 6 months?”
Avoid These 3 Common Cyber Insurance Coverage Mistakes
Knowing the most common cyber insurance claim denials before crafting a cyber insurance coverage checklist is essential for organizations looking to cover all their bases.
Some of the most common lapses of cyber insurance coverage include:
- Failure to Maintain – Businesses understand failure to maintain as the negligence exclusion: a specific inclusion that precludes coverage for claims arising from the insured’s failure to maintain the minimum security standards.
- Pre-Breach Lawsuits – As Kimpton Hotel’s cyber breach lawsuit revealed, data misuse can be leveraged prior to actual induced damages, with a $600,000 settlement available to resolve claims that Kimpton Hotel failed to protect its customers.
- Social Engineering Schemes – According to Statista, phishing is the cybercrime most frequently reported to the IC3, and given its rise, it’s an everyday threat that businesses must confront head-on.
Stay Protected With Our Cyber Insurance Coverage Checklist
In our digital, sink-or-swim work era, an unexpected cyber incident without cyber insurance coverage is the last thing your organization needs to deal with. By completing a cyber insurance coverage checklist, you will better understand which areas need attention to protect your business, employees, and clients’ personal information and data.
As an organization with over two decades of skin in the game, we take the time to understand the nuances of your business and can help you complete a cyber insurance coverage checklist to get the best cyber insurance rate.
Take time to protect your organization today and remain a force to be reckoned with by having us help you complete a cyber insurance coverage checklist.