IT Best Practices for Cyber-Insurance
Cybercrime has continued to rise over the past 18 months, impacting businesses of all sizes. This has prompted an increased awareness of and interest in cyber-insurance. This post explains what it is, and what businesses need to know about getting coverage, including IT best practices.
Common cyberattacks that impact businesses are:
- Data breach
- Ransomware
- Malware
- Phishing
- Business email compromise
- Corporate account takeover
Different cyber-insurance products provide coverage for different types of cyberattacks. For example, providers may offer both cyber liability insurance and data breach insurance as two separate policies.
Why do businesses need cyber-insurance?
The cost of dealing with a cyberattack can potentially ruin a business. As one example, according to IBM, a data breach costs businesses an average of $4.24 million. So, cyber-insurance can be essential in helping your company recover after a cyberattack.
Depending on your policy(ies), cyber-insurance can help alleviate costs related to:
- Business disruption/downtime
- Revenue loss
- Equipment damages
- Legal fees
- Public relations expenses
- Forensic analysis
- Fees and fines associated with legally mandated notifications
- Customer turnover
How do I get cyber-insurance for my business?
Many insurance companies offer cyber-insurance. However, it’s important to keep in mind a few things as your business applies for coverage:
- As previously mentioned, there are different types of cyber-insurance policies. So, make sure to understand what each policy covers. It’s also important that it meets the needs of your business.
- The rise in ransomware attacks over the past year has led more organizations to seek cyber-insurance. Ransomware claims rose 35% in 2020, with the surge continuing in 2021. As a result, insurance companies have taken note of the crime wave, and some are now:
- Denying applicants
- Raising rates
- Limiting coverage
- Insurance policies and payouts often depend on whether your organization follows best practices in cybersecurity.
What cybersecurity protection does my company need to get cyber-insurance coverage?
As the cyber-insurance market hardens, insurers are looking for clients with better security controls. That means the more your organization can implement cybersecurity best practices, the more likely it will be to get insurance coverage.
Cybercriminals can hack into a system through a variety of entry points. Because of this, we at Atlas take a multi-layered approach to cybersecurity with our clients. Best practices include:
- Firewalls
- Anti-virus and anti-malware software
- Email spam filtering
- Virtual private networks (VPN)
- Multi-factor authentication (MFA)
- Advanced threat detection (ATD)
- Advanced threat prevention (ATP)
We also conduct:
- Monthly vulnerability scans. These help catch current and upcoming issues that need to be addressed to keep our clients’ network and devices secure.
- Monthly activity reports. Part of this involves working with our clients to ensure all machines, servers and products are up to date. This helps to avoid potential cybersecurity risks.
