Cyber attacks are certainly well-documented. Security has become problematic in all sectors – business, nonprofits, government, politics and individuals.
The cybercrime trend has become so inescapable that cyber-security threats have cost chief executive officers their jobs, and CEOs and boards now fear them.
Hence, there’s a need to buy cyber insurance. You’re not convinced? Here’s an unfortunate case study.
Despite the ever-mounting awareness of data breaches, buying the right protection, or being able to buy any insurance against cyber attacks at all, can be daunting.
Many insurance companies are excluding coverage and courts have not been uniform in their rulings regarding insurance policies. Yet cyber insurance is paramount, and you likely need expert cyber-legal advice.
As a starting point, here are five best practices in buying cyber insurance:
1. Understand the big picture of cyber insurance
Unlike typical casualty or life insurance, there isn’t uniformity in cyber insurance. Insurance companies label their policies and their coverage in a myriad of ways.
It’s important to carefully examine coverage terms and the fine print.
There are differences between first-party and third-party coverage. Threats occur in both.
First-party coverage pertains to your business. Third-party coverage refers to your customers, vendors and other stakeholders.
Yet insurance companies often lump the two together along with professional insurance coverage, media and tech coverage, errors and omission policies, and general liability policies.
So you need to fully understand your risks and the available options. This means you must have a competent insurance advisor and legal counsel to prevent gaps in protection.
2. Assess your risks
It’s important you learn the risks you face. Cyber criminals use a wide variety of exploitation methods and have a myriad of motives.
For instance, some might want to damage or shut down your system. Others might want to steal your business data for their financial benefit.
Criminals might go after your customers’ credit card and financial-institution data – for which you’re also legally and morally liable.
There are extortionists who might want to install ransomware – software that shuts down your IT system until you make a ransom payment to them.
So your risks emanate from these possible vulnerabilities:
— You depend on e-commerce for revenue.
— You maintain your customers’ financial information.
— You host Web sites or provide tech services for customers.
— You provide services to customers or the public at-large.
— Your company’s information technology depends on another company or network.
— A breach will be a hit on your reputation and decrease your future income.
So conduct stress tests and risk scenarios.
3. Quantify in dollars the risk from a breach
You should inventory or anticipate the costs to your business if your system is breached and otherwise disrupted.
This involves not only direct losses to your bottom line from disruption of your technology, but also damage to your reputation and indirect losses involving third parties. All such financial losses would be significant.
Moreover, you are required to notify your customers in the event of a breach.
You must also provide them with credit monitoring, ascertain identity theft-protection services, deal with regulators, cope with penalties from investigations, and contend with lawsuits.
4. Understand your coverage options
Once you know your risks, you must learn what you need in cyber insurance so you can make a determination.
But note the available policies vary widely. For example, as mentioned earlier, coverages for first-party and third-party losses are often combined into one policy.
5. Choose the coverage that’s right for your business
Again, after you anticipate your vulnerabilities by conducting risk scenarios, study all your available options.
Then, with further due diligence, pick the insurance company and coverage that will best protect your company.
To select your ideal coverage, involve all your key talent – from your finance and marketing to customer service and IT employees. If you determine coverage is not available for certain risks, do your best to eliminate those risks.
From the Coach’s Corner, here are related articles:
Protect Your Financials, Systems and Technology – 15 Tips — Cybercrime has skyrocketed and is projected to get much worse. At risk is the health of your company as well as the welfare of anyone with whom you do business. Here’s how to protect your customers and your reputation.
10 Strategies for Internal Controls of IT and Financial Systems — Obviously, the welfare of your company depends on having an up-to-date information-technology system. IT now impacts every facet of your business. So it follows that you should invest in IT controls to protect and enhance your financial system.
Key Measures to Prevent, Recover from Ransomware — Published reports indicate ransomware cost businesses $350 million in 2015. The FBI considers ransomware attacks one of the three worst cyber threats.
9 Tips to Train Employees to Protect You from Cybercrime — It takes a team approach to protect your organization against the skyrocketing rate of cybercrime. Here are nine training precautions necessary to make sure your employees help you guard against security threats.
“Privacy is not for the passive.”
-Jeffrey Rosen