Looking into the world of Cyber Insurance can seem daunting, and it can be difficult to know where to begin and what you need to be eligible. We have created a brief overview of Cyber Insurance, the benefits it brings to your business, and how you can bring down your premiums with Cyber Essentials.
Cyber Insurance is designed to support and protect your organisation in the event of an accidental or malicious data breach or data incident.
Your business needs to consider Cyber Insurance if:
- You run business software on a computer
- You store any personal information or email addresses of employees or clients on a computer
- You take/make card or electronic payments
- You have a website for your business or use cloud storage for any data
The information these systems hold can be highly dangerous if it gets into the wrong hands. It is important to build up a full understanding of how you would be impacted if your business suffered a security breach, and the effects this would have on your organisation.
For example, ransomware could leave your systems or devices unavailable, or you could lose either your data or your customers’ data due to a virus or malware infection. Then there is the financial impact on your business caused by downtime and the associated costs required for response and recovery.
Most policies will cover costs that are directly associated with a security breach, including documenting and investigating the attack, data recovery and hardware repairs, notifying consumers and regulatory agencies, and crisis management and PR damage control if required.
At a minimum, a company interested in buying cyber insurance must have the following safety measures in place:
- Security awareness training and testing for all employees
- All PCs must have antivirus software and this software must be kept up to date
- The company network must be protected using a firewall
- User accounts and their associated permissions must be routinely audited, and accounts must be secured with multi-factor authentication
- Central patch management must be used, ensuring critical updates are applied in a timely manner
- Business data must be regularly backed up using external media or a secure cloud service, to ensure the backups are separated from the systems they are backing up
- Companies must use endpoint protection and intrusion detection to stop attacks
- Businesses must implement regular vulnerability scanning and penetration tests
Before considering any Cyber Insurance, you need to make sure your organisation is protected from attacks in the first place by ensuring you have fundamental cyber security safeguards in place, such as those included in the Cyber Essentials or Cyber Essentials Plus certification.
When you implement Cyber Essentials or Cyber Essentials Plus, you are also provided with a basic level of cyber insurance. This is only a baseline policy, and many businesses choose to expand on it to ensure they are protected to a level that matches their business requirements. The good news is that being Cyber Essentials certified will help to lower your insurance premium by demonstrating to insurance underwriters that you are reducing your risk of cyber-attacks.
Some insurers will even offer discounts if your organisation has implemented a recognised cyber security standard such as Cyber Essentials or Cyber Essentials Plus. These certifications demonstrate to your customers and other stakeholders that adequate cyber security controls have been put in place.
To find out more about Cyber Essentials, speak to one of our security experts.