Many organizations today have a cyber liability insurance policy, which can help them recover from a cyberattack or breach. Cyber liability insurance has evolved over the last 10-15 years given the increasing number and sophistication of attacks. Here are a few things to consider about cyber liability insurance.
- It’s dangerous to rely on self-certification when it comes to security, compliance, and cyber liability insurance. While it may seem like you’re saving time and money by self-attesting that you have met security requirements, it can end up costing you more in the long run. Most agencies don’t know how to adequately score themselves, even if they have good controls to minimize risk. Working with a third-party agency like Tego, which uses a framework-based approach to security, will ensure that you have the appropriate controls in place and operational to protect your environment and your data.
- Premium and retention (deductible) amounts for policies are increasing due to the number of cyberattacks that organizations are experiencing. “Deductibles used to be about $1,000 5-6 years ago,” said David Holmes, Risk Advisor at Wade Associates. “Deductible amounts of $25,000-$50,000 are common today.” Some organizations need to bring in additional carriers to be able to meet the escalating retention amounts.
- Organizations need to be proactive and think like hackers to better protect their data. A penetration test, which is a simulated cyberattack and a form of ethical hacking, is a good way to simulate an attack on your environment. Penetration tests led by Tego attempt to infiltrate your security defenses to find any vulnerabilities that can be exploited, much like a hacker does.
- Although very few insurance claims fail, when they do, it is because an organization is attesting to something it didn’t actually do. “We are getting to the point that companies are having to attest to what they are doing to ensure claims can get paid,” said Holmes. This is another reason why it’s critical to have a third-party agency perform an assessment. Holmes and his team also see claims fail because an organization thinks it has a specific type of coverage (such as social engineering for a phishing attack) and it doesn’t.
Take the time to review your policy and ensure your organization is covered for cyberattacks. For more information, contact us today.