The Increasing Requirement for Cyberliability Insurance
The AME Group
Managed IT Services | Cybersecurity | Business Resilience | Backup and Recovery | Compliance Assist | SOC 2 Type 2
During a recent presentation we did on compliance, we were asked if banks are setting any cybersecurity requirements on commercial borrowers.
We checked with the two banks we work with to get the answer.
One bank requires proof of cybersecurity insurance, and the other makes no requirements of borrowers but would like to.
What does this mean?
Compliance with a common or general standard such as cybersecurity insurance requirements or NIST CSF can be used to meet requirements set by supply chain partners.
While insurance carriers have their own unique requirements today, that will change within the next year or two to a common standard based on State and Federal guidelines. This is a big deal as it indicates industry and government are moving to allow proof of compliance to a standard rather than creating their own standards.
We see this with CMMC, which is in the process of identifying other acceptable cybersecurity standards that meet CMMC requirements. Again, the NIST Cybersecurity Framework is a key component of major standards and meets the vast majority of industry and governmental standards.
The practice of supply chain partners requiring evidence of cybersecurity is real and will only increase as businesses look to reduce their liability and increase protection of data and privacy. Businesses must be prepared to demonstrate adherence to these requirements quickly and with little effort to remain competitive.
More information and resources on NIST CSF can be found at https://www.nist.gov/cyberframework.