Ask an Agent: Cyber Insurance Prerequisites

by | Dec 13, 2022 | Security


Getting cyber insurance can be intimidating and time-consuming, but it doesn’t have to be either. Jonathan Mayotte, Commercial Insurance Advisor with Thornton Powell, offers some insights into common questions companies have about cyber insurance.


What are the current cybersecurity requirements for a business to be insured?

The requirements vary depending on the carrier, policy limits, and the type of industry being insured. Businesses that store or process large amounts of sensitive data, like law firms, technology firms, or medical practices, will have stricter security requirements than, say, a handyman. At a minimum, carriers want to see that a business is keeping their software and virus software up to date. At most, they are going to want to see multi-factor authentication, limited access to systems and networks, regular offsite backups, and disaster recovery plans. My advice to any business is to always have the IT person involved in the process.


What are the steps insurance companies take to assess cyber risks and insurability?

Each carrier will require an application to be completed. Depending on the size of the risk, the application might be a few questions, or it might be several pages. The application will be used to determine rates, whether or not to insure the risk, and it will also become part of the policy. In other words, if any of the questions are answered incorrectly, it can mean the difference between a claim being covered or not covered. We are also seeing carriers using a risk analysis tool, which will use the domain for the business’s website to run an analysis to see if there are any major security threats or vulnerabilities. The results of the analysis will be factored into the underwriting and are also shared with clients as a risk management tool.


What advice do you have for small and midsized businesses regarding cyber risk?

Don’t assume because you are not a major corporation that you are not at risk of a cyber-attack. Cybercriminals have learned that it’s better for them to fly under the radar by attacking smaller businesses because it keeps them out of the headlines. Breaches can cost small businesses hundreds of thousands of dollars, which can be enough to shutter many companies. Something else to remember is that most attacks come through phishing emails that are inadvertently opened by employees. You may have all of the best security protocols in place and still get attacked. This is why it’s vital to not only have a great security infrastructure but to also have a cyber insurance policy in place in case there is a breach.


About the Author

Jonathan Mayotte, CIC, is a Commercial Insurance Advisor with Thornton Powell. The firm is a full-service independent agency committed to providing clients with sound risk solutions and unrivaled service. Thornton Powell has been managing the insurance needs of individuals and businesses in the Midwest since 1982.






John Ahlberg
CEO, Waident

CIO in the corporate world and now for Waident clients. John injects order and technology into business process to keep employees productive, enterprises running, and data safe.

