Cyber insurance is a crucial safety net in today’s digital landscape, but choosing the right policy can be complex. Here are ten considerations to guide your decision and preparation:
Understand Your Risk Profile
Begin by assessing your company’s unique cyber risk profile. (You could start HERE.)This includes considering your company size, the types of sensitive data you handle, your industry’s specific threats, and the technologies you use. Understanding your risk profile will help you identify the coverage you need.
Coverage Scope
Ensure the policy covers the range of issues you might face. This could include data breaches, network damage, business interruption, ransomware attacks, and even physical damage resulting from cyber incidents.
Exclusions
Be aware of what’s not covered. Some policies might exclude certain types of attacks or incidents, such as those caused by unpatched software.
Claim Guidelines
Understand the insurer’s claim process. How quickly do they respond? What support do they provide during a crisis? Quick response time can be critical during a cyber incident.
Policy Limits and Sub-Limits
Examine the policy’s financial limits. Make sure that these limits align with your potential risk exposure. Also, look for sub-limits that might cap the payout for specific types of claims.
Retroactive Dates
Check if the policy includes a retroactive date. If an unknown breach occurred before this date, it may not be covered.
Cybersecurity Requirements
Insurers often require certain cybersecurity measures to be in place. Make sure you meet these requirements to avoid issues when filing a claim. For example, based on a recent risk assessment that an insurance company sent to one of our clients, the following items are required for full coverage. (And as a note…small business must be careful to maintain the standards, which are easily missed for example when a new hire is brought on board. If any lapses occur, it is expected that you would contact your IT support to update the information accordingly to avoid being “dinged” on your insurance coverage.) We often recommend Microsoft 365 Business Premium licensing for our customers, which offers a range of advantages and considerations as it applies to cyber insurance.
- Enhanced Security: Business Premium provides advanced security features such as Microsoft Defender for Office 365, which offers protection against sophisticated threats, including phishing and malware attacks.
- Advanced Threat Protection: Business Premium includes Microsoft Defender for Endpoint and Defender for 365, which provides endpoint protection, threat detection, and response capabilities to safeguard your devices and data. We feed this data to our SOCLogix Partner through our SIEM (Security information and event management) and EDR (Endpoint Detection and Response) tools.
- Data Loss Prevention (DLP): With Business Premium, you can implement DLP policies to prevent the accidental or intentional sharing of sensitive information. This helps protect your business from data breaches and ensures compliance with data protection regulations.
- Information Rights Management (IRM): IRM allows you to apply restrictions to files and emails, controlling who can access, forward, or modify them. This helps you maintain control over your sensitive data, even when it’s shared externally.
- Device Management: Business Premium includes Microsoft Intune, a powerful device management solution. It enables you to remotely manage and secure devices, enforce security policies, and protect company data on both company-owned and employee-owned devices.
- Azure Active Directory (AAD): Business Premium includes Azure Active Directory Premium P1, which provides advanced identity and access management capabilities. This includes features like multi-factor authentication, conditional access policies, and self-service password reset to enhance security and streamline user access. This is required for , one of the multi-factor authentication methods we widely use.
- eDiscovery: Business Premium includes a feature that enables organizations to identify, preserve, and collect electronically stored information (ESI) for legal or compliance purposes. It provides tools and capabilities to search, analyze, and export data from various sources within Office 365, such as emails, documents, SharePoint sites, and Teams chats. eDiscovery in Office 365 streamlines the process of locating relevant information, ensuring legal hold compliance, and facilitating the production of evidence during legal proceedings or investigations.
- Exchange Online Archiving: 50GB (Basic) to 1.5TB (Premium) per user
These advantages provide enhanced security, device management capabilities, advanced productivity tools, and collaboration features, making Microsoft 365 Business Premium a comprehensive solution for businesses seeking robust cloud-based productivity and security offerings.
Third-Party Coverage
If a breach impacts your customers or other third parties, you could face legal action. Ensure your policy covers third-party claims.
Breach Support Services
Some insurers offer additional services like PR assistance, legal support, and forensic investigation following a breach. These can be invaluable in managing a cyber incident.
Policy Terms and Conditions
Finally, carefully review all terms and conditions. If there’s anything you don’t understand, ask for clarification.
Choosing the right cyber insurance policy involves understanding your risks, knowing what to look for in a policy, and seeking expert advice if needed. With due diligence, you can find a policy that provides the protection your business needs. Need help getting moving in the right direction? Our TEAM OF EXPERTS can help guide you through the cybersecurity portions or recommend a reputable cyber insurance agency. CONTACT US HERE to ask any questions!