43% of cyberattacks in the U.S. target small businesses.
Cybersecurity insurance is fast becoming a necessity when it comes to effective cyber protection. A good policy can essentially keep your doors open when disaster strikes, offering everything from ransomware payout demands to legal fees. Cybersecurity insurance is a critical security best-practice for every business, small or large. It’s an added security that allows your business to recover from worst-case-scenario cyberattack events. While every policy and insurance carrier varies, here’s what you need to know about protecting your business with cybersecurity insurance.
Does your business need it?
In general, if you can answer “yes” to any one of the following questions, you need cybersecurity insurance.
Does your organization …
… conduct business online?
… use technology?
… store or send electronic data?
Policies typically include:
• Recovery/replacement of lost or stolen data
• Ransom demand payments
• Attack remediation and recovery
• Legal costs, penalties and fines
• Lost income from business interruption
• Replacement/repair of damaged hardware and software
How to meet the requirements
Getting a policy, and renewing it, can be difficult, even for large organizations. Rising claims and costly payouts are forcing insurers to
balance out risk by stepping up qualifications. Most insurers expect you to have these elements in place before granting insurance:
• Firewall and anti-virus software
• Endpoint detection and response (EDR)
• Backup and disaster recovery solutions
• Advanced email filtering
• Multifactor authentication
• Privileged access management (PAM)
• Cybersecurity awareness training
Questions about cybersecurity insurance
If cybersecurity insurance is a new topic for you or your team, start by reading what cybersecurity covers and may NOT cover should your business experience a breach. One critical point to make: lack of employee cybersecurity awareness and training is cause for some insurances to void protection. It helps to work with a managed services provider, commonly referred to as an MSP, to ensure your network is protected from outside threats as well as inside employee breaches. Your employees are your front-line protection to ensure bad agents don’t gain access. Check out the article on Passwords vs. Passphrases to learn more about securing access.