In today’s connected world, small and medium businesses (SMBs) depend on data, software and technology, and a cyberattack or data breach can have a significant impact. Your business may be small, but the potential cybersecurity threats are very large and growing with every month that passes!
We’ve all read the headlines about attacks at global corporations, but breaches at SMBs are much more common. And while cybersecurity technology and event prepared- ness are vital parts of a holistic cyber risk management strategy, many businesses are overlooking a critical third component – cyber insurance.
To put this in perspective, consider the auto industry. Today’s vehicles come with an array of modern technology and drivers must be licensed and are warned of distracted or intoxicated driving. Yet we still buy auto insurance to protect against unforeseen events on the road. Many business owners willingly hop on the information super- highway – where other ‘drivers’ are actively trying to harm them – without cyber insurance. So complete the cyber risk management trifecta with a Cysurance cyber insurance policy underwritten by Chubb, one of the world’s leading insurance companies.
The Mounting Risk
Technology vs. Insurance
Cyberattacks tripled among small businesses from 2015 to 2019, and as a result 67% of survey respond- ents plan to spend more on cybersecurity technology and mitigation in the next three years. Only 34% plan to spend more on cyber insurance, despite 54% of businesses believing a cyberattack or data breach in inevitable!
Many SMBs think the relatively small costs of ransomware and damaged servers drive cyber losses, so they invest in technology and retain the risk of a breach. However, business interruption and incident response costs are actually more volatile and far greater. The cost of downtime from ransomware is 23 times greater than the actual average ransom, while forensics, public relations, credit monitoring services and notification requirements make up 57.4% of total cyber claim costs since 2009.
Selecting The Right Cyber Coverage
No official regulation standards
Each insurer can offer their own cyber risk policy options, which contain specific rules, requirements, or restrictions that may be unique to that insurer only.
Ensure your business is properly protected by reg- ularly monitoring your security risks and evaluating any changes against your coverages and policy requirements to keep them closely aligned.
Cyber risk – security essentials
While there is no universal governance, most insurers expect their clients to follow and maintain some basic security practices without fail.
- Security risk assessment – Regular IT security audits of your business will detect & identify vulnerabilities and areas with high potential risk, giving you the detailed insight needed to repair, resolve or contain threats or issues.
- Patching strategy – Is there a patching strategy to keep the software up to date?
- End-of-life software/OS – Are there any outdated software and OS in the network?
- Security training for employees – What level of security training do employees have?
Exercise ‘due care’ to avoid denials
Nothing in business or life is ‘failproof’. However, if you continuously fulfill the policy requirements and invest in proactive security strategies and tools, you can minimize or avoid the possibility of claim denials.
- Exercise due care – Make sure your cybersecurity controls align with your insurer’s requirements.
- Avoid negligence – Be aware of any exclusionary clauses or wordings within your policy that reject claims for negligence.
- Use expert help – Used managed compliance services to deal with cyber insurance compliance requirements.
How We Can Help?
We understand the challenge that goes into achieving and maintaining compliance with regulatory and contractual requirements. Our technology and cybersecurity expertise along with our specialized tools and experience can help you avoid rejections and coverage denials should you ever need to file a claim.
Our managed compliance solution will help increase successful claim approvals by providing documentation and evidence of due care measures you have performed or implemented to secure your IT environment.
Let us help you secure the coverage you need with a policy from a renowned underwriter, with over 20 years of experience in insuring cyber risks.