Ask an Agent: Cyber Insurance Prerequisites

by | Dec 13, 2022 | Security

Getting cyber insurance can be intimidating and time-consuming, but it doesn’t have to be either. Jonathan Mayotte, Commercial Insurance Advisor with Thornton Powell, offers some insights into common questions companies have about cyber insurance.


What are the current cybersecurity requirements for a business to be insured?

The requirements vary depending on the carrier, policy limits, and the type of industry being insured. Businesses that store or process large amounts of sensitive data, like law firms, technology firms, or medical practices, will have stricter security requirements than, say, a handyman. At a minimum, carriers want to see that a business is keeping their software and virus software up to date. At most, they are going to want to see multi-factor authentication, limited access to systems and networks, regular offsite backups, and disaster recovery plans. My advice to any business is to always have the IT person involved in the process.


What are the steps insurance companies take to assess cyber risks and insurability?

Each carrier will require an application to be completed. Depending on the size of the risk, the application might be a few questions, or it might be several pages. The application will be used to determine rates, whether or not to insure the risk, and it will also become part of the policy. In other words, if any of the questions are answered incorrectly, it can mean the difference between a claim being covered or not covered. We are also seeing carriers using a risk analysis tool, which will use the domain for the business’s website to run an analysis to see if there are any major security threats or vulnerabilities. The results of the analysis will be factored into the underwriting and are also shared with clients as a risk management tool.


What advice do you have for small and midsized businesses regarding cyber risk?

Don’t assume because you are not a major corporation that you are not at risk of a cyber-attack. Cybercriminals have learned that it’s better for them to fly under the radar by attacking smaller businesses because it keeps them out of the headlines. Breaches can cost small businesses hundreds of thousands of dollars, which can be enough to shutter many companies. Something else to remember is that most attacks come through phishing emails that are inadvertently opened by employees. You may have all of the best security protocols in place and still get attacked. This is why it’s vital to not only have a great security infrastructure but to also have a cyber insurance policy in place in case there is a breach.


About the Author

Jonathan Mayotte, CIC, is a Commercial Insurance Advisor with Thornton Powell. The firm is a full-service independent agency committed to providing clients with sound risk solutions and unrivaled service. Thornton Powell has been managing the insurance needs of individuals and businesses in the Midwest since 1982.






John Ahlberg
CEO, Waident

CIO in the corporate world and now for Waident clients. John injects order and technology into business process to keep employees productive, enterprises running, and data safe.

