There’s no doubt any longer that it’s not safe out there… no matter who you are. If you’re a company that has data worth stealing, you’re on the target list.
When names like the FBI, the DHS or the IRS have a data breach, it is quite a different kind of breach than what companies face, as they’re organizations that are not impacted by financial or customer loss being that we still need them to continue to serve and protect us. Though one wonders nonetheless, if they can’t protect their own data, how are they able to serve and protect all of us?
Today, you risk a breach not only to your data, but damage to your reputation. When a breach happens, besides inevitable financial and customer loss and a potential drop in stock price and shareholder lawsuits, your company is at risk for significant costs to respond to an incident, to investigate and correct the incident, to respond to regulator inquiries and investigations which potentially leave the company exposed and subject to big fines and penalties. Besides that, there will most likely be plaintiff lawsuits from the victims who had their data stolen, which will mean expensive defense costs.
First off, without knowledge of what you are attempting to protect, the threat cannot be managed.
Many companies today are still unable to answer the following questions: what is their most sensitive and critical data, where is it located, who has access, and how is it protected?
The more data that is stored, the more vital it is to ensure its security.
Cyber-insurance is a safety net for many companies when their security fails, but is it is not a panacea for cyber risk, nor is it a replacement for cyber and data security or proper cyber hygiene habits. However, many still look at cyber insurance and feel that any “cyber” related incident is going to be covered. This is just not the case. Not all causes of cyber or data loss can be transferred to a cyber insurance policy.
It is important for companies that are applying for cyber insurance to understand, as stated above and certainly worth repeating, “the more data that is stored, the more vital it is to ensure its security.” It is surprising to see that many companies, and organizations as mentioned above still are not able to demonstrate this.
For example, encryption, it’s not unimportant, it’s not the be-all and end-all, it’s just one of the many pieces that underwriters like to see and in many instances, they will penalize a company for not utilizing it, either with a high premium, or a policy exclusion. Cyber insurer underwriters are nonetheless concerned about the security of unecrypted data at rest that is only password protected, as should the company who owns the data. Yet there are many companies today that still do not encrypt their data, and are at risk, being that a lost or stolen password creates easy access to a company’s most sensitive data which can potentially lead to a large loss, and an expensive insurance claim.
Many companies that have purchased cyber insurance are not clear in which circumstances a cyber insurance claim would be paid. In some cyber insurance policies, failure to encrypt your data at rest that leads to a data breach, will be a denied insurance claim.
What has become the most important risk to cover, has become the most important process a company has to get right from the start, and right up to the anticipated insurance claim. From assessing and identifying cyber risks and aligning them to cyber insurance coverages, preparing for the cyber insurance underwriting process, enduring the underwriting process, and navigating the plethora of non-standard cyber insurance policy offerings – these and more are what a company is up against when purchasing a cyber insurance policy.
This is why it is crucial to work with an experienced cyber insurance broker who can assist and help guide the company through this complex process.
For help with your company’s cyber insurance, please complete our cyber insurance quote request form or give us a call.