Six steps to take before you look for Cyber Insurance
Cybercrime is increasing at an alarming rate. A recent Forbes article highlighted that the US suffers more than 4,000 ransomware attacks every day, whilst here in the UK, four out of ten businesses have reported experiencing cyber security breaches or attacks in the last 12 months (Department for Digital, Culture, Media & Sport – Cyber Security Breaches Survey 2021).
The rise in attacks is prompting an increased adoption of cyber security insurance, as businesses look to protect themselves against this growing concern.
However, as demand for these insurance products has increased, so have the costs involved in rectifying damage incurred from cyber incidents or in meeting ransom demands. This has resulted in some insurers reducing the scope of cover on offer, with stricter terms and increased premiums, or applying limits on ransomware coverage, or not offering it at all.
Cyber insurance is important for risk mitigation but should be included as part of a wider cyber security strategy. And being able to demonstrate that your business has a comprehensive cyber strategy in place will be seen favourably by your insurer and may help you secure robust insurance at a competitive premium.
So, before you arrange your cyber insurance, we suggest that you follow these six steps to help protect your business against cyberattack (suggested by Forbes 13.7.2021).
Our advice: follow these six steps
1. Assess the potential impact of a cyber incident
Carry out a risk assessment to evaluate your potential exposure. This will allow you to highlight vulnerable areas. Consider which areas of your business would be most affected and which functions are vital to allow your business to operate.
2. Reinforce your security policies
Look at your current security policies across the business and your core areas and make sure they are as robust as possible. Check for vulnerabilities and update them as necessary. This may include the introduction of Multi Factor Authentication (MFA), or limiting the number of people that have authority to approve financial transactions.
3. Train your team
Educate your team on the different types of cyberattack and how to identify them. The DCMS reports that phishing is the most common form of cyberattack in the UK, accounting for 83% of incidents. Make sure staff have firm procedures to follow in the event of an incident – who to alert and what steps to take.
4. Create a contingency plan
Create a robust contingency plan for the worst-case scenario. Clearly define who is responsible for what, so that recovery is as efficient as possible. This will help you to recover fast and reduce your costs.
5. Test your defences
Take the time to make sure your protective measures actually work. You can use a third-party specialist organisation, who will help to identify any areas of weakness by trying to penetrate your defences. Being able to demonstrate that your business can pass a penetration test will increase your chances of a lower insurance premium.
6. Ask the right questions
When you start to look at insurance cover, make sure you understand everything on offer. Find out exactly what is included and what isn’t. Ask if you are unsure about any clauses and make sure you are clear about what support is available to you during and after an incident. It’s important to understand what part your protective measures play in the validity of a claim – for example, whether you need to be able to demonstrate that your data is up to date. Consider who will be responsible for this activity.
Cyber insurance will support your business in the event of a cyber related incident or data breach, but ultimately it will be your cyber security strategy and the internal measures that you put in place that will protect your business. Be proactive and create your cyber security strategy, because hindsight isn’t helpful here.
We can help you to create a cyber security strategy as part of a wider business risk assessment. We offer tailored advice and guidance on what’s right for your situation and arrange the right insurance cover to fit with your specific needs.
Contact us to arrange a review of your cyber security risk and your current levels of cover.
You can call us on 01480 272727 or email us at firstname.lastname@example.org