The 20’s Super Simple Guide to Cyber Insurance
Part 6 – Cyber Insurance and Security
You can’t talk about cyber insurance without talking about cybersecurity. In fact, the previous topics covered in this Super Simple Guide – compliance, encryption, scope of data, and multi-factor authentication – all fall under the cybersecurity umbrella.
But let’s take a step back from the specifics and look at the concept of security as a whole and its relationship to cyber insurance. What does looking at the big picture teach us?
Lesson #1 – Cyber Insurance and Cybersecurity: Partners Against Crime
If you take one thing from this Super Simple Guide, let it be this:
Cyber insurance is not a substitute for healthy cybersecurity practices.
Getting cyber insurance because you don’t feel like dealing with cybersecurity is like purchasing car insurance because you don’t feel like keeping your eyes on the road.
First of all, cyber insurance policies don’t cover every cost associated with a cyberattack. In fact, there is a trend in the cyber insurance industry toward greater selectivity and caution about scope of coverage. For instance, we’re now seeing carriers refusing to provide coverage for “social engineering” attacks, which are an extremely common type of breach.
But even if you have great coverage, your business can still fall prey to one of the most insidious costs of a cyberattack: reputational damage. A study by Vercara found that 75% of U.S. consumers would sever ties with a brand in the aftermath of a cybersecurity issue.
Finally — and perhaps most importantly — cyber insurance isn’t an excuse to be lax about cybersecurity because cybercrime hurts people. This might sound obvious, but it’s not; for whatever reason, it’s easy to forget that cybercrime has real world consequences people’s lives upside down.
Bottom line: Your cyber insurance policy does not absolve you of the responsibility to maintain a robust security posture. Why? Because suffering a cyberattack can be devastating, whether you have cyber coverage or not. It’s that simple.
Lesson #2: The Cybersecurity Bar Is Getting Higher
Cyber insurance is a young industry, but one that is rapidly evolving. Carriers are becoming more and more discerning and demanding about the cybersecurity practices used at their insureds’ businesses.
Cyber insurance carriers want to see that your business has a firm grasp of cybersecurity basics, however, the ‘basics’ are constantly expanding. Something like MFA didn’t use to be a security ‘must-have.’ Now it is. Same goes for email encryption and a variety of other security tools and processes.
Why is this happening? Because cybercrime itself is evolving, and at breakneck speed. Thus, cybersecurity has to be approached as a process, not a destination – an ongoing effort to keep pace with cybercriminals (or one step ahead of them if we’re lucky).
Bottom line: You should be constantly seeking to improve your organization’s security posture to keep your business safe, not to make cyber insurance companies happy. That said, the increasingly strict demands required from carriers are designed to boost your organization’s security. If you’re interested in purchasing – or keeping – a cyber insurance policy, you must be just as involved in your own security.
Lesson #3: Get Help!
Cybersecurity can be overwhelming. The rapidly evolving security landscape makes it hard to know which solutions you actually need, and which ones are just the latest fad. You don’t have hours and hours to research everything, nor do you have the massive IT budget to experiment with costly solutions on a trial-and-error basis.
For this reason, more and more SMBs are turning to managed service providers (MSPs) to help with cybersecurity and other important aspects of IT strategy. An MSP can help your organization bring its entire security framework up to speed and under budget, freeing you up to focus on running your business.
What’s Next?
We’ve got one blog left – one blog away from you becoming a cyber insurance expert! In our final installment, we’ll discuss the importance of data backups in relation to cyber insurance – a topic you won’t want to miss. Keep an eye on our main page for when it goes live.