🐡 Create a SOFT-LANDING strategy with cybersecurity insurance
The tech-celeration of 2020 drove many of our digital initiatives into overdrive. Today, our business processes are heavily integrated with technology. What can we do to protect those assets when, as of last week, there are 18,000 known vulnerabilities?
Getting cyber insurance is highly recommended. Everyone is exposed, and even with safeguarding controls in place - a soft landing strategy might be worth looking into.
The number of threats outpace the safeguarding controls a company can implement, so there is merit in having better incident management. Regulation and compliance frameworks have already made this shift, and the data proves it is effective.
Incident management success depends on the plan. Clear communication between Executives - Operations - IT interfacing with external resources - legal counsel, and today’s subject - Cyber Insurance Providers.
Your provider can assist with responding to the a hacker group’s demands, or simply cover the costs of loss of business while you restore from backup. We all have great backups, right?
Pricing
Determining coverage is very nuanced, and prices vary greatly. A policy quote can have many dependencies like: potential losses, actual losses, modeling, actuarial data, interdependencies between primary and reinsurer, one sigma standard deviations…🤯 (I had to google that last one, but still not sure what it means).
Eligibility
Insurance providers typically expect you to have taken certain steps to secure your company’s digital assets against cyber attacks. Here are some of the things that cyber insurance providers may require:
Security Measures: providers will want to know what security measures you have in place - firewalls, antivirus software, and other security protocols.
Risk Assessment: This can help you determine what type of coverage you need.
Incident Response Plan: standardize how to quickly respond to cyber attacks.
Employee Training: employees will need to be trained on how to identify and respond to cyber threats.
💡 Even if your company does not qualify for cyber insurance, or may not have the budget for it, the assessment process can still be valuable in starting an important conversation about cybersecurity within your organization. The business insights and action items that arise from these conversations can be extremely valuable for your IT roadmap.