Have you set aside money in your IT budget for cyber insurance yet? If you haven’t, you most likely will soon. Cybersecurity liability insurance is a specific type of insurance intended to protect businesses from Internet-based risks, and more generally from risks relating to information technology infrastructure and activities. It’s something that many industries will be required to have within the next few years in order to maintain compliance, but there’s another issue: cyber insurance is getting more expensive and harder to obtain.
Why Is It Getting Harder to Obtain?
Peter Woollacott, CEO of Huntsman Security, an Australia-based risk management and monitoring specialist, said “…increases in insurance premiums, limits on coverage, increasing underwriting rigor and capacity constraints are all limiting the accessibility of cyber insurance for many,” according to ComputerWeekly. He went on to say that recent and upcoming regulatory changes, stricter demands from the Financial Conduct Authority, and new guidance from the Information Commissioner’s Office mean that risk is becoming harder to quantify, and that proving compliance is becoming more and more difficult and demanding.
Cyber insurance is becoming a critical element in risk management strategies, as it should – setting aside a portion of your IT budget to purchase cyber insurance is something you’ll most likely need to plan for in the upcoming years if you haven’t already. However, just buying cyber insurance and hoping for the best won’t cut it. Cyber insurance will only benefit your organization if you can back up and prove that the cybersecurity measures you have in place meet or exceed the insurance policy’s regulations. According to Woollacott, as reported by ComputerWeekly, insurers are changing the basis on which they offer their policies to reflect the risk being underwritten more accurately, and in such an environment, improving and demonstrating the effectiveness of one’s security controls will become even more essential for organizations that want the best chance of getting an appropriate policy.
Getting Insurance Is Step One, Now You Need to Follow Security Best Practices
The best way to protect yourself and ensure that your cyber insurance works for your organization is to maintain best security and compliance practices across all areas of your company – internet, computer, social, physical – all areas need to be held to the highest security standards.
A computer company in Minnesota recently had an issue with cyber insurance not covering a portion of their cyber-crime related loss. The computer company fell for what the courts considered to be a “social engineering” attack, and the insurance company was only liable to pay up to $100,000 instead of the $600,000 in losses the company actually endured. The Purchasing Manager at this Minnesota-based computer company received an email asking for a change of bank account information, and they went forward with the change without properly double and triple checking that the email was legitimate. This situation lost the company $500,000 because the courts ruled that the computer company was not upholding best social-security practices.
Now you know how important cyber insurance is to consider, but what about upholding best security practices across all facets of your organization? Where do you even start with that? As a SOC2 Type II Certified MSP/MSSP, Pioneer-360 has you covered. We know security best practices, we work with your organization to get you there, and we can help you maintain your security and compliance regulations. Call us today to find out more about how we can help you obtain, upkeep, and benefit from your cyber insurance.