Getting cyber insurance can be intimidating and time-consuming, but it doesn’t have to be either of those. Jonathan Mayotte, Commercial Insurance Advisor with Thornton Powell, offers some insights into common questions companies have on cyber insurance.
What are the current cybersecurity requirements for a business to be insured?
The requirements vary depending on the carrier, policy limits, and the type of industry being insured. Businesses that store or process large amounts of sensitive data, like law firms, technology firms, or medical practices, will have stricter security requirements than, say, a handyman. At a minimum, carriers want to see that a business is keeping their software and virus software up to date. At most, they are going to want to see multi-factor authentication, limited access to systems and networks, regular offsite backups, and disaster recovery plans. My advice to any business is to always have the IT person involved in the process.
What are the steps insurance companies take to assess cyber risks and insurability?
Each carrier will require an application to be completed. Depending on the size of the risk, the application might be a few questions, or it might be several pages. The application will be used to determine rates, whether or not to insure the risk, and it will also become part of the policy. In other words, if any of the questions are answered incorrectly it can mean the difference between a claim being covered or not covered. We are also seeing carriers using a risk analysis tool, which will use the domain for the business’s website to run an analysis to see if there are any major security threats or vulnerabilities. The results of the analysis will be factored into the underwriting and are also shared with clients as a risk management tool.
What advice do you have for small and midsized businesses regarding cyber risk?
Don’t assume because you are not a major corporation that you are not at risk of a cyber-attack. Cybercriminals have learned that it’s better for them to fly under the radar by attacking smaller businesses because it keeps them out of the headlines. Breaches can cost small businesses hundreds of thousands of dollars, which can be enough to shutter many companies. Something else to remember is that most attacks come through phishing emails that are inadvertently opened by employees. You may have all of the best security protocols in place and still get attacked. This is why it’s vital to not only have a great security infrastructure but to also have a cyber insurance policy in place in case there is a breach.
About the Author
Jonathan Mayotte, CIC, is a Commercial Insurance Advisor with Thornton Powell. The firm is a full-service independent agency committed to providing clients with sound risk solutions and unrivaled service. Thornton Powell has been managing the insurance needs of individuals and businesses in the Midwest since 1982.