5 Cyber Insurance Policy Essentials

Image you have a cyber attack. What do you do? And how much will this cost you? Cyber insurance can play a huge role in the moments following a security event, but not all policies and coverage types are created equal. Your policy should be highly specialized, and a regular insurance agent rarely has the experience to find the right policy or help if you have a security incident. That's why it's so important to find a cyber insurance provider that makes sense for your business.

Here Are 5 Essential Elements of a Robust Cyber Insurance Policy:

1. Cyber Insurance Products and Coverage

You want to partner with a cyber insurance provider that provides coverage for your 1st and 3rd party losses including breach, ransomware, cyber crime, and risk analysis tools. 

• First-Party Coverage - Covers losses and damages to your company's computers, network, IT systems, and business that result from a cyber-attack.
• Third-Party Coverage - Covers losses and damages to third parties, such as customers or related business, that result from a cyber-incident.
• Clear Language and Explanations - Understanding precisely what is covered and not covered is critical in really getting to know your coverage and vulnerabilities.
• Compares Your Cyber Coverage to Your Peers - Know how your cyber coverage compares to similar-sized companies in your industry. This allows you to make the best decisions if it’s time to make a switch.

2. Pre-Breach Services

In order to make the right decisions for your business, you need the most up to date and appropriate analysis of your individual cyber risk in financial terms.

• Comprehensive Cyber Risk Analysis - Includes a detailed individual cyber risk analysis from a cyber risk model should incorporate thousands of potential risk factors. Preferably a model that includes the most data as possible.
• IT and MSP Coordination - Your company should use an insurance firm that knows your team and works directly with your MSP. This leads to a quick and efficient recovery when necessary.
• Analyzing Your Current IT and Cyber Stack - Determining the current state of your IT and cybersecurity stack. You can see your security risk compared to similar organizations of your size and industry.
• Breach Preparedness and Security Awareness Training - Your choice of insurer should be able to educate your team on how to protect your company pre-emptively.

3. Breach Response

Your cyber insurance provider may be able to provide response services such as PCO Re-Certification services, notification expense, foreign notification, PR expense, overtime, reputation harm, etc.

• Incorporates Current MSP - You need a provider that works directly with your pre-vetted MSP in advance and after an incident to ensure the absolute fastest and most-effective resolution.
• Expert and Professional Repair - You and your MSP need access to a network of world-class cyber responders who have dealt with nearly every type of cyber incident—to help resolve issues fast.
• Incident Preparedness - Identifies a response team to work with you and your MSP in advance, and again after an incident to harden your systems and assure that another attack doesn’t take place.
• Breach Coach - You also need a dedicated breach coach to help you manage a cyber incident, retain a forensic professional, notify customers, and manage crisis communication.
• Computer Forensic Services - You will need a forensic investigator who is assigned to work with law enforcement agencies and private firms in the collection, preservation, and examination of your digital media. Find someone who will connect you to these services and ensure that an investigation is both immediate and thorough following a breach.
• Bricking - Bricking is when a computer device is rendered non-functional after a cyber-attack. Your insurance company needs to replace your device if it cannot be restored.

4. Distribution with Local Security Support

A comprehensive cyber security program requires getting your whole team working together. You need an insurance company that can work directly with your MSP and IT team. 

• Direct-Buy - You can directly purchase cyber insurance from an insurance specialist who understands security and how to match your needs to the best coverage; versus a typical insurance broker who isn’t a cyber expert.
• Affiliate - Select a company that aligns with your pre-vetted local Managed Service Provider (MSP) who already knows your business, systems and security. This assures individualized help to prevent security problems or the fastest response and remediation if there is ever an incident.

5. Cyber Tools

Your cyber insurance provider should be able to work with your managed security service provider (MSSP) to help prevent breaches and remediate if they occur. 

• Threat Monitor - Your provider needs to use the best threat detection and monitoring services and system to help prevent breach, phishing, and ransomware attacks.
• DDoS Mitigation - Find people who leverage tools to mitigate a denial-of-service cyber-attack when a perpetrator seeks to temporarily or indefinitely disrupt a domain, machine, or network.
• Credential Monitoring - A good team runs alerts on your employee’s credentials, passwords, and data and sends alerts if they appear to have been compromised—helping you make changes to prevent an identity breach.
• Patch Manager - Your systems are monitored to ensure all drivers and applications are up-to-date and the automatically updated, or your MSP is notified to update—ensuring you reduce system vulnerabilities.

For more information about cyber insurance, and finding the right policy for your business, reach out to iCorps for a free IT consultation.