We always know when insurance companies are soliciting cyber insurance. We tend to get a lot of questions about it: What is it and do I need it are the most frequent ones. This is my reply.
There are a host of things that come into play–contractual obligations, market conditions, revenue size, “sleep good at night” factors, type of industry, and network architecture. Also, what do you do currently that helps secure your network? Insurance companies are in the business of taking the fall so-to-speak if something happens. They must do everything possible to mitigate their risk. Oftentimes, if you’re already doing those things, you have a lesser reason for needing it in the first place. However, some organizations have a bigger target on their back. If you are in the financial world, healthcare, or other industries where you store personal data, the need for cyber insurance becomes easier to justify.
For many of our clients, ‘most’ of them already have MFA (multi-factor authentication) turned on for their e-mail. They have encrypted cloud backups in place, so even if they got hit with ransomware, they are able to completely recover their data, they have current antivirus in place, etc. But the limit to what you can do to further secure your organization is almost endless. We have some clients who use MFA for simply logging into Windows. Others have ‘EDR’ (endpoint detection & response) in place. The more of these things you do to stay secure, the less risk factor you have.
The actual insurance policy part is easy. The difficult part is compliance with the policy and risk management/transference mechanisms, so be sure to get a clear understanding of what is and what isn’t covered.
We have been fortunate to never have one of our managed customers involved in a breach. If you want more information about our Managed Services, please reach out for a free private and confidential consultation!