Ask an Agent: Cyber Insurance Prerequisites



Getting cyber insurance can be intimidating and time-consuming, but it doesn’t have to be either of those. Jonathan Mayotte, Commercial Insurance Advisor, offers some insights into common questions companies have on cyber insurance.


What are the current cybersecurity requirements for a business to be insured?

The requirements vary depending on the carrier, policy limits, and the type of industry being insured. Businesses that store or process large amounts of sensitive data, like law firms, technology firms, or medical practices, will have stricter security requirements than, say, a handyman. At a minimum, carriers want to see that a business is keeping its software and virus software up to date. At most, they are going to want to see multi-factor authentication, limited access to systems and networks, regular offsite backups, and disaster recovery plans. My advice to any business is to always have the IT person involved in the process.


What are the steps insurance companies take to assess cyber risks and insurability?

Each carrier will require an application to be completed. Depending on the size of the risk, the application might be a few questions, or it might be several pages. The application will be used to determine rates, whether or not to insure the risk, and it will also become part of the policy. In other words, if any of the questions are answered incorrectly, it can mean the difference between a claim being covered or not covered. We are also seeing carriers using a risk analysis tool, which will use the domain for the business’s website to run an analysis to see if there are any major security threats or vulnerabilities. The results of the analysis will be factored into the underwriting and are also shared with clients as a risk management tool.


What advice do you have for small and midsized businesses regarding cyber risk?

Don’t assume because you are not a major corporation that you are not at risk of a cyber-attack. Cybercriminals have learned that it’s better for them to fly under the radar by attacking smaller businesses because it keeps them out of the headlines. Breaches can cost small businesses hundreds of thousands of dollars, which can be enough to shutter many companies. Something else to remember is that most attacks come through phishing emails that are inadvertently opened by employees. You may have all of the best security protocols in place and still get attacked. This is why it’s vital to not only have a great security infrastructure but to also have a cyber insurance policy in place in case there is a breach.


About the Author

Jonathan Mayotte, CIC, is a Commercial Insurance Advisor with Thornton Powell. The firm is a full-service independent agency committed to providing clients with sound risk solutions and unrivaled service. Thornton Powell has been managing the insurance needs of individuals and businesses in the Midwest since 1982.








John Ahlberg
CEO, Waident

CIO in the corporate world and now for Waident clients. John injects order and technology into business process to keep employees productive, enterprises running, and data safe.
