Insurance carriers offer Cyber Insurance based on various factors. Payroll, Gross Revenue, and the type of business will impact which carrier will offer coverage. The final step to obtain Cyber coverage is to make sure your business has good Cyber Security practices. If you want the best possible rate and coverage, you will need a good Cyber Security program; otherwise you will either pay a hefty price or, even worse, you could be uninsurable.
You may ask yourself, “Do I really have a cyber exposure?” Ask yourself these questions:
Do you:
1. Operate a website for your business?
2. Maintain a customer/client database online or on a computer?
3. Interact with your customers/clients via email or phone?
If you answered “Yes” to any of the above, you could experience a cyber incident. Standalone cyber insurance covers losses and expenses needed to recover quickly, including legal and client notification services.
Common Cyber Risks
Business Interruption
- Shutdown due to a cyber incident such as a ransomware attack.
- When data backups are impacted, restoration can be near impossible.
- Cyber insurance can cover the loss of revenue due to business interruption, and the cost of rebuilding compromised systems.
Phishing and Email Scams
- Just one click on a malicious link can lead to a cyber incident.
- Cyber insurance provides coverage for first-party expenses, loss of revenue, liability, and more.
Compromise of Customers’ and Supply Chain Data
- Cyber incidents might lead to the compromise of sensitive data and could damage your reputation.
- Cyber insurance can cover expenses needed to recover data, notify impacted parties, and subscribe them to a credit monitoring service.
TIPS TO PROTECT YOUR BUSINESS FROM A CYBER BREACH
Cyber Insurance is just a business continuity plan, and if you need one, we can help you get some quotes. However, preventing the breach is even better. A few things can be done to prevent a loss, such as making sure your team closely reviews email addresses or calls to verify invoices. When looking at emails, make sure the email sender address doesn’t have an extra “s”, and that the font has not been changed to make it look like an “I” when it is really an “L”.
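The sender-address review described above can be automated for mail that claims to come from a known vendor. The following is an added example, not part of the original article; the trusted domain, the look-alike character table, and the function names are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list: the domains your real vendors send invoices from.
TRUSTED_DOMAINS = {"hillsupply.example"}

# Characters that are easy to confuse on screen, folded to one representative.
CONFUSABLES = str.maketrans({"i": "l", "1": "l", "0": "o"})


def skeleton(domain):
    """Fold look-alike characters so 'hiIlsupply' and 'hillsupply' compare equal."""
    return domain.lower().translate(CONFUSABLES)


def edit_distance(a, b):
    """Levenshtein distance: 1 means a single added, dropped or changed character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header):
    """Classify a From: header; returns (verdict, trusted domain it resembles)."""
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    domain = domain.lower()
    if not at or not domain:
        return ("unparseable", None)
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    for good in sorted(TRUSTED_DOMAINS):
        if skeleton(domain) == skeleton(good):
            return ("lookalike-characters", good)   # e.g. capital I for l
        if edit_distance(domain, good) <= 1:
            return ("lookalike-typo", good)         # e.g. an extra "s"
    return ("unknown", None)


if __name__ == "__main__":
    for header in ("Billing <ar@hillsupply.example>",    # constructed samples
                   "Billing <ar@hillsupplys.example>",
                   "Billing <ar@hiIlsupply.example>",
                   "Billing <ar@othervendor.example>"):
        print(header, "->", check_sender(header))
```

A "trusted" verdict only means the domain text matches the allow-list, so verifying invoices by phone still applies.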
1. Multi-factor authentication (MFA)
- Enforce MFA for all users on email, cloud applications, and for remote access.
- Prefer authentication apps (examples: Google Authenticator or Duo Security) over SMS/text messaging, since phones are vulnerable to SIM swapping, fake SIM recovery messages, and other unauthenticated SIM attacks.
2. Cybersecurity Awareness Training – Train employees to recognize malicious (phishing) emails.
- Insurance policies often include a Cybersecurity Awareness Training Program. If you don’t have a security training program in place, get one in place.
3. Have an Incident Response Plan in place and tested
4. Isolated, Offline Backups
- Backups should be isolated from the internet and other systems, fully encrypted, and MFA should be enabled for all accounts having access to backups.
For more information on how to obtain Cyber Insurance please contact Kraig Sturgill at Hako Risk & Insurance.
Thank you,
Kraig Sturgill
ksturgill@hakorisk.com
602-552-4248