Cybersecurity and cyber insurance are a priority in today’s world, but in the past few years, these issues have become even more important for companies with employees working remotely.
Working from home has multiplied the risks and occurrences of data breaches, and breach costs also have grown.
If you’re getting ready to buy cyber insurance, you can use penetration tests, enterprise risk assessments and updates to incident response plans to help you prepare.
Buying cyber insurance
“Companies are looking at cyber insurance more and more,” said HORNE Account Specialist Sarah Duncan, who focuses on cybersecurity.
While some organizations must comply with industry regulations requiring coverage, others want it to transfer the risks and some of the costs of cyberattacks.
“It’s up to you to examine the return on investment of what you can afford to cover on your own and what you need cyber insurance to cover,” Duncan said. You may find you can absorb the costs of some risks and not others.”
It is challenging and expensive for companies to self-insure when breaches cost millions. According to IBM, the average breach cost $4.35 million in 2022. Organizations that self-insure need to transfer the risks to an insurer to cover some costs.
“It’s becoming difficult for organizations to get cyber insurance since companies are increasingly using their insurance for breaches,” said Duncan. “Even when carriers say they’re eligible for coverage, the premiums are rising. Many organizations find they must adhere to a checklist of steps to minimize their risk and get a quote for the coverage.”
Assessing your risk
You need to take measures to assess your cyber risk and design and follow a cybersecurity risk management strategy to satisfy insurers. You must show that you are reducing risks and following the security best practices.
“We can easily address the steps carriers request,” Duncan said. “We can help you with our penetration testing services to find your vulnerabilities.
“We can update your enterprise risk assessments and incident response plans to meet carrier requirements,” she added. “Carriers want to see that you have these procedures in place to establish the maturity of your cybersecurity.”
Whether cyber insurance is a requirement for your business or you just want it to reduce your financial risk, begin your assessment and research weeks and months before you need it, not days, Duncan advised.
“If you’re considering cyber insurance, start looking 90 days to six months out, so you can satisfy that carrier checklist in advance,” she said. “Finding a carrier with ideal coverage, checking off their list of cybersecurity requirements and making sure you can afford the coverage takes some time.”
Contact us to learn more about HORNE’s cybersecurity services.