Understanding a Cyber Liability Insurance Questionnaire and Application

A number of misconceptions stand in the way of small businesses investing in cyber security, ultimately putting them in a vulnerable position where it's not just their data at stake, but their livelihood. Given that a hacker can cost a small business upward of $200,000 and cause about 60% of them to shut down within just six months, there's truly no business that's "too small" to justify protection. In fact, the smallest companies tend to be the best targets because hackers know their security is generally sub-par.?

So, how can small companies invest in cyber security without blowing their IT budget? More importantly, how can you protect yourself from fines and the resulting damage of an attack in the event that your security isn't enough to stop a hacker? That's where cyber liability insurance comes in, and here's what you need to know about it before you buy in.?

The Purpose of Cyber Security

Whether your business lives completely on-premises, completely in the cloud, or in a "hybrid state," you are prone to cyber attacks. The purpose of cyber security is to help your company plan for potential threats and do everything you can to detect vulnerabilities, monitor for attempted attacks so you can act quickly to thwart them, and have a plan in place to act if an attacker does manage to get into your network so you can limit their access and the damage they can do.?

On paper, the concept may sound simple. In fact, most businesses underestimate it, and they think it's a simple matter of locking up the "doors" by using strong passwords and even implementing two-factor authentication. However, while both of these represent good security hygiene, it doesn't matter if you lock all the doors because if just one window is left ajar, it's easy for any willing attacker to find their way to it.

Cyber security efforts help make sure that all of your doors and windows are secure. Not just locked but reinforced with secondary locks and alarms, helping to prevent entry and alerting you if someone finds their way through. Plus, once inside, cyber security makes sure that all internal doors are locked and secured with permissions and access controls that will help stop an attacker in their tracks as they try to get to the valuable stuff, like customer payment information and proprietary information.?

In other words, cyber security goes beyond passwords and whatever bare minimum protections your hardware and software come with. Cyber security requires a thoughtful and robust set of specific protocols and protections designed explicitly for your business's needs. Once those are in place, cyber liability insurance acts like car insurance, helping to cover your costs in case all your good driving still isn't enough to prevent a collision.?

Why Is Cyber Liability Insurance Important?

Small companies may think they're immune from the harm that cybercriminals can cause, but they're actually a prime target. According to one study, small businesses are three times?more likely to be targeted by a cyber attack than large ones. One of the primary reasons is that attacks on small businesses tend to be successful more often because of the lack of cyber security protocols in place among them.

Of course, even with efforts to protect your company, the best hackers can still get into your systems—after all, they manage to beat out some of the world's most advanced solutions, causing companies like Epsilon to lose more than $4 billion in mere minutes. In other words, no one is immune to the havoc that cybercriminals can wreak, and even with precautions, hackers could still cause major financial damage to your business. That's precisely why investing in cyber liability insurance adds a crucial layer of protection to your operations.

Cyber liability insurance will not help stop an attack from happening, but it will help cover your losses if an attack does occur. Ultimately, this coverage can make the difference between your business shutting its doors for good and being able to make a swift recovery and learn from your mistakes.?

What Does Cyber Liability Insurance Cover??

After an attack occurs, cyber liability insurance can immediately kick in to help cover the clean-up and repair for both your systems and reputation. Some of the services that may be covered by your cyber liability insurance policy include the following.

• IT forensics: The process of IT forensics can help your business discover hackers in your system by uncovering evidence of malicious activity. Additionally, it focuses on preserving any evidence of that activity, which could help officials trace them down and uncover their location or other identifying information.?
• Public relations (PR):?This assistance will help your business maintain its reputation by thoughtfully communicating with your customers about how you protect their information. It can also help you manage negative press following a cyber attack.?
• Legal counsel:?These services are provided to help your business file paperwork with the right officials and minimize fines resulting from a cyber attack. Your plan may also cover claim preparation costs, court attendance, and related services.
• Notification services:?This will help reduce the administrative burden of reaching out to the affected parties (i.e., your users or customers) while ensuring they are informed about data breaches in a timely and thoughtful manner.?
• Business income and digital restoration:?This coverage is designed to help minimize the financial and operational impact an attack can have on your business by getting you up and running again quickly and even providing compensation for downtime or other losses.?

Some of the other aspects to look for in your cyber liability coverage include cyber crime, cyber extortion, multimedia liability, privacy and security liability, regulatory investigations, system hijacking, and PCI compliance assistance.?

Elements of the Insurance Questionnaire and Application?

When applying for cyber liability insurance, one thing that will impact your eligibility and premiums is the controls you have in place. While filling out the questionnaire and application, you can expect multiple elements to be addressed. Making sure that you have these controls in place before applying for cyber liability insurance will increase your odds of getting approved and getting a great rate.?

Some of the primary controls you need to implement include:

• Multifactor authentication protocols for any admin or user with privileged controls who accesses your systems remotely. This means that, after entering their email and password, an authentication service will text or email a code to the user, and they will need to enter it before they can access your systems.?
• Secured, encrypted, and tested backups. Full system backups will allow you to quickly and easily restore a system to a secure, recent state if a vulnerability or intrusion is detected.
• Privileged access management (PAM) to ensure users only have the level of access they actually require. These systems help you view a user's access and revoke unnecessary privileges as their duties change.?
• Email filtering and web security to prevent your employees from accidentally interacting with content that could lead to malware or other malicious software getting into your systems. For instance, these services can prevent users from opening infected emails that made it past the spam filter.?
• Patch management and vulnerability management to keep your systems up-to-date. These systems will make you aware of any outdated systems that could be leveraged by a hacker while helping you stay ahead of new releases.?
• Cyber incident response planning and testing services. These plans will help your employees act quickly and efficiently in the event of an attack or attempted attack, thus helping to minimize damage.
• Cybersecurity awareness and phishing training. This training will help your employees recognize threats, vulnerabilities, and schemes and realize the importance of remedying them.
• Hardening techniques, including remote desktop protocol (RDP) mitigation. These solutions require a technical expert, but they will work to strengthen your networks and systems from the inside by closing and locking "open doors" within your systems.
• Logging and network monitoring services. These allow you to track who's online and what they're doing at any point in time, allowing you to turn off untrusted connections or terminate sessions after they've been inactive for so long.?
• Protections and replacements for end-of-life systems, which require you to plan for the phasing out of any software or hardware that's no longer maintained securely.?
• Vendor and digital supply chain risk management, which will help protect you from threats posed by vendors and partners that do not have solid security standards in place.?

If you don't yet have controls like this in place, it's important that you address cyber security concerns from the source and implement a cyber security protection plan that includes these controls before you move forward with purchasing a cyber liability insurance policy. Not only will it be difficult (if not impossible) to qualify for cyber liability insurance without these controls in place, but it will also result in high premiums due to the great risk of suffering from an attack.?

Protect Your Company from Cyber Threats

Ultimately, cyber liability insurance is just one piece of the puzzle when it comes to protecting your company from the threats posed by today's hackers. While it will take some legwork to get ready for your insurance application, it's in your business's best interest to do all you can to protect your systems from an attack. As a result, you'll enjoy lower premiums and peace of mind knowing that you're covered on all fronts, even if an attack does happen.?

If you're interested in learning more about how you can protect your business from cyber threats, it's time to speak with an expert.?Book a free call?with?Erick Solms?to get started protecting your business from liability.?

Erick Solms?is the Founder of?Simplitfy?in West Palm Beach, Florida. Simplitfy provides IT and cybersecurity services to Small and Medium Business in South Florida.?To contact him personally or to inquire about information technology services, please email?[email protected]?or visit?www.simplitfy.com?or use the QR Code to book a call with him.