Preparing to Sign a Cyberinsurance Policy
by Nathan.Fouarge, on Mar 17, 2020 5:44:57 AM
Now you’ve read a little about cyber-insurance, and the challenges you might face. But don’t dismiss it just yet. There are substantial reasons to enter into a Cyberinsurance policy. Cyber insurance is there to provide resources when all of your defenses have failed, at a potentially desperate time. It can work to minimize the damage to your reputation during a breach. And industry-wide we are not seeing many cyber insurance claims being declined (yet), which is also reassuring. So let's look at the next steps to take.
Before you start requesting quotes, prepare accordingly:
- Run War Game Scenarios: Hold table top discussions with your teams (legal, HR, admin, IT / MSP, executive). Consider the scenarios that you need covered by this insurance policy and speculate on what could go wrong.
- Review Compliance: CyberInsurance isn’t a replacement for data-protection, in fact strong security measures are a prerequisite. Time to double-check how you are protecting critical data. If necessary get a security vendor like NovaStor involved to review your strategy.
Understanding the Contract
Insurance policies are contracts, and are not to be entered into lightly. As policy coverage is wide-ranging, you must understand what incident are covered and what aren't.
- Get everyone who could be affected to help fill out the application and understand the policy as best as possible throughout the company. No single person should be handling it alone.
- Ask about the requirements and restrictions of the Cyberinsurance policy. You need to know what actions could invalidate a Cyberinsurance claim.
- In the event of a breach, you must understand what actions will be required by the insurance company and in what specific order.
- Timing is critical during a breach. You must be able to anticipate the response time of your insurance provider.
Filling Out the Application
Once you start engaging insurance companies for quotes, they will want you to complete a cyber insurance application. There are a few things to bear in mind in this process;
- There is no way to insure everything. Focus on your priorities.
- Watch out for overly-broad and unreasonable question traps.
- The application will have many YES/NO boxes, but nothing that says you can't add addendums with a 'maybe' and describe why. Disclose as much as possible.
When it comes to signing on the dotted line, we hope that you've done your research and found a policy that meet your needs. A small amount of preparation can save a huge amount of heartache, and reviewing your policy with a third party security expert makes good sense. An insurer that will work with you to fine-tune a policy to fit your unique business situation will be integral to the success of your new Cyberinsurance policy.
Read PART-1 of this Cyberinsurance series here. NovaStor and NovaBACKUP have no affiliation with Cyberinsurance companies.