Data loss has a severely damaging impact on the businesses that suffer from it, so why not help protect your business the same way you would with other damages? Cyber insurance helps do just that, and is therefore a super helpful investment for today’s businesses to embrace.
That said, just like other forms of insurance, there are certain requirements that must be met for a business to qualify. Let’s touch on some common requirements insurance providers have.
What Will an Insurance Provider Want to See to Approve a Cyber Insurance Policy?
For starters, documentation. There are prerequisites that must be met before an insurance provider will cover you, and your efforts to meet them need to be fully recorded and tracked. This data helps to prove to a provider that a business is invested in protecting its operations. The following are a few of the preparations that an insurance provider will be looking for when a business is seeking out coverage.
Multi-Factor Authentication Protecting (at Least) Email
It’s no secret that emails are often a tool that cybercriminals use, and to great effect. A cybercriminal that manages to get ahold of an email account has access to all of the associated accounts tied to it, giving them the power to make whatever changes they want.
That’s precisely why you need to have multi-factor authentication in place to protect your accounts, especially your email. However, we recommend that you use it wherever possible. MFA takes the login process and reinforces it with additional authentication requirements that must be met before a login will be permitted. These requirements will often take the form of a generated code that needs to be provided, or a biometric proof.
The big takeaway is that MFA is a great way to prevent unauthorized account access, and is something that insurance providers want as part of your preparations.
Cybersecurity Awareness Training and Testing
Insurance providers also recognize that your entire team is going to impact your cybersecurity. Let’s face it, one employee could potentially bring down your whole business by leaving the wrong door open or by giving access to the wrong person. Your whole team plays a role in your security, which means they all need to be able to identify and mitigate threats as they come across them.
Cybercrime is always changing, so your training should never stop. Keep your employees on their toes with sudden and unexpected evaluation, shoring up any of their failings with directed training. This is another thing you’ll need to document for your insurance provider’s consideration.
Assorted Defenses, Including Incident Response and BDR
As you might expect, insurance companies are expecting to make a profit from these policies, so they’re going to want to see a policyholder actively participating in their own security. The less likely you are to cost them money, the better… and in this case, it’s better for both of you. When making these preparations, it is important to keep in mind that insurance companies will want you to implement both preventative measures and post-event mitigations.
Your insurance provider will want insight into your incident response plan as a result, to confirm that you have properly maintained backups, with the processes to implement them assigned and ready to go.
Gap Assessments for Any Applicable Compliance Requirements
Depending on the industry you operate in, there are almost certainly various regulations and compliance needs that impact the way you do business. Effectively every business will need to comply with the Payment Card Industry Data Security Standard (PCI DSS) in order to protect customer information, for instance. A gap assessment will help you identify where you fall short of the compliance requirements applicable to you, helping you resolve these shortcomings. An insurance provider will want to see the outcomes of these assessments, as well as the documentation outlining what you’ve done to fix the issues found.
You can turn to us for assistance in meeting and maintaining these standards, as well as others your insurance company will want before providing your business with cyber insurance coverage. Find out more by calling (212) 796-6061 and talking with our team.