Due to the rise in cybercrime and the increased reliance on technology, a new type of insurance is becoming more popular with business owners – Cybersecurity Insurance.
The costs to remediate a data breach, ransomware attack, or other cyberattack have risen to be on par with the costs of other types of disasters such as a flood in the building or roof damage from a storm.
In many cases, just a single data breach can cause a smaller company to have to close its doors for good because it can’t recover from the remediation costs. Cybersecurity insurance is a way to protect your business against that type of devastating situation.
The average cost of a data breach has risen to $4.24 million, with 38% of that cost coming from lost business.
What’s Included in Cybersecurity Insurance?
While policies will vary according to the type of coverage you choose, the general costs that cybersecurity insurance covers include:
- Immediate remediation costs for the breach
- Business liabilities in case of a data breach of sensitive customer information
- Costs of breach notification to customers
- Costs of identity theft protection for impacted customers
- Repair of damaged computer systems
- Data recovery costs in the case of data loss (e.g., ransomware attack)
When applying for cybersecurity insurance, it’s important to fill out the insurance questionnaire completely. If you get any information wrong, you could end up paying significantly higher premium costs than you need to.
Just as you get discounts on auto insurance if you have certain safety precautions in place, you get discounts on IT security insurance for the types of cybersecurity protections you have.
Business owners often have a hard time understanding this type of questionnaire, which is why it’s best to have a professional like Connect2Geek help you fill it out properly. We can ensure you’re not paying more than you need to.
Questions You Can Expect When Applying for Cyber Insurance
Here are examples of a few of the questions you’ll find on a cybersecurity insurance policy application.
If You Process, Store, or Handle Credit Card Transactions, Are You PCI-DSS Compliant?
A majority of businesses process credit and debit cards for payments of products or services, but many don’t know what PCI-DSS is. The Payment Card Industry Data Security Standard (PCI-DSS) is a security requirement put in place by all the major payment card issuers (Visa, MasterCard, Amex, etc.).
It dictates certain protections for collected payment card data that need to be in place to protect that data from being breached.
Fewer than 30% of companies are PCI-DSS compliant, and not having those security protections in place can mean you pay higher insurance premiums.
Do You Tag Emails Originating from Outside Your Company to Alert Employees?
One of the security practices to help mitigate the risk of a phishing incident is to put a tag in the subject line of an email to let employees know when a message is coming from outside the organization.
This can also help reduce the impact of email spoofing, where a hacker puts the company domain in the sender’s email address, but the email actually originated from a completely different domain.
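The tagging rule described above, sketched as an added example (not Connect2Geek's code or any mail product's own logic): it tags mail from outside the company and applies a stronger tag when the From: address claims the company domain but the inbound gateway did not record a DMARC pass. The domain `example.com`, the gateway name `mx.example.com`, and the tag wording are assumptions, and the sketch assumes it runs at the inbound gateway, which removes any Authentication-Results headers it did not write itself.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions (placeholders, not from the article): your mail domain and the
# name your own gateway writes into Authentication-Results (RFC 8601).
COMPANY_DOMAIN = "example.com"
GATEWAY_ID = "mx.example.com"
TAGS = {"external": "[EXTERNAL]", "spoofed": "[EXTERNAL: SENDER NOT VERIFIED]"}

def from_domain(msg):
    """Lowercased domain of the From: address ('' if missing or malformed)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def dmarc_passed(msg):
    """True only if our own gateway recorded dmarc=pass for this message."""
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip().lower() for p in " ".join(value.split()).split(";")]
        # Results stamped by any other server name are ignored.
        if parts[0] == GATEWAY_ID and any(p.startswith("dmarc=pass") for p in parts[1:]):
            return True
    return False

def classify(msg):
    """Return 'internal', 'external' or 'spoofed' for a parsed message."""
    if from_domain(msg) != COMPANY_DOMAIN:
        return "external"
    # Claims to be from us: trust it only if authentication passed.
    return "internal" if dmarc_passed(msg) else "spoofed"

def tag_subject(raw):
    """Parse a raw message and return (verdict, subject with tag applied)."""
    msg = message_from_string(raw)
    verdict = classify(msg)
    subject = msg.get("Subject", "")
    tag = TAGS.get(verdict)
    if tag and not subject.startswith(tag):  # do not tag twice
        subject = f"{tag} {subject}"
    return verdict, subject

# Constructed sample messages (not real mail).
SPOOFED = ("Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.test; "
           "dmarc=fail header.from=example.com\n"
           "From: CEO <ceo@example.com>\nSubject: Urgent wire transfer\n\nbody\n")
EXTERNAL = ("Authentication-Results: mx.example.com; dmarc=pass header.from=vendor.test\n"
            "From: billing@vendor.test\nSubject: Invoice\n\nbody\n")
INTERNAL = ("Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; "
            "dmarc=pass header.from=example.com\n"
            "From: Ana <ana@example.com>\nSubject: Lunch\n\nbody\n")
```
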
If You Use Microsoft 365, Do You Have Advanced Threat Protection Added?
Advanced Threat Protection (ATP) in Microsoft 365 is a feature that filters data and suspicious behaviors and does other types of monitoring to keep organizations more secure.
The feature integrates with many of the apps in the platform, including email, to prevent phishing and other types of attacks.
You may have this enabled already and not even know it, in which case a “no” answer could increase your premiums unnecessarily.
Do You Encrypt All Sensitive & Confidential Data Stored in Company Systems?
If you don’t have a way to tag sensitive or confidential data, then it may not be properly encrypted when being used in different cloud applications. This can cause you to pay higher cybersecurity insurance costs.
Certain cloud storage systems and apps automatically encrypt data, but it’s hard to know which ones if you’re not a trained IT professional.
Do You Use Next-Generation Antivirus (NGAV)?
This question trips up many small business owners because they know they have an antivirus, but don’t know if it’s considered “next-gen.”
An NGAV provides far better protection than a signature-based antivirus, including the ability to stop zero-day threats and use behavior-based algorithms.
Do You Use Endpoint Application Isolation & Containment Technology on All Endpoints?
Your endpoints include all the devices in your office, remote team computers, and employee mobile devices used for business data.
Isolation and containment refer to the use of an endpoint device manager, like Microsoft Intune. This type of application can restrict endpoint access to business data and applications, and it can remotely update and monitor how all devices use and connect to business assets.
Get Help Securing Your IT Infrastructure & Reducing Business Liability
Don’t try to fill out a cyber insurance application on your own, or you could end up paying thousands more than you need to in premiums! Connect2Geek can help your Treasure Valley area business with your insurance paperwork and with IT security tactics to reduce your premiums and liability.
Schedule your free consultation to learn more today! Call 208-468-4323 or reach out online.