Cyber Insurance: Do You Need It? – Day 31 of Cybersecurity Awareness Month
Mike Miller 00:06
So we’re wrapping up Cybersecurity Awareness Month having talked about a variety of cybersecurity topics. We’re going to close out this series of interviews by talking about cyber insurance. If companies heed the advice we’ve heard about all throughout the month, and build a robust cybersecurity program within their company, hopefully they’ll never need to make a claim under cyber insurance, you know, assuming they’ve purchased it. But with us to explain the importance of buying cyber insurance is Craig Taylor, CEO and Co-Founder of CyberHoot, a cybersecurity consulting and learning management firm. Craig, do companies today need to buy cyber insurance? And if so, why?
Craig Taylor 00:45
In one word, Mike: yes. Cyber insurance is no different than car insurance, flood insurance, or even life insurance. You buy it, hoping you never have to use it. But you sleep soundly knowing you have protection in case you have a catastrophe. And it’ll help you get back up on your feet after a cybersecurity breach. Every company really should examine their need for insurance and the policies they have, such as errors and omissions liability, and cyber is one of them, and purchase enough insurance to cover them based on the risks they face and the data they possess. Cyber insurance also requires you to have some kind of a cybersecurity program in place.
When you’re filling out that questionnaire, you need to be honest, and you need to be doing the things that you write down on paper. Questionnaires CyberHoot has completed ask companies if they’re doing awareness training, do they have a chief information security officer like we provide at CyberHoot? They ask about password managers, governance policies, risk assessments and a variety of technical protections such as encryption, antivirus, spam filters and multi-factor authentication. Claims are actually being denied, Mike, if you fib on that questionnaire, and it’s proven that the breach was tied back to something you said you were doing but in reality weren’t.
Mike Miller 02:11
Wow, really? So some insurance claims are being denied due to inadequate security being in place?
Craig Taylor 02:18
Well, not exactly inadequate security. Because if you’re truthful on the questionnaire, and you say you’re not doing some of the things they want you to be doing, you might get insurance still. You might not, you might not get it to begin with. But if you’re honest, they can’t deny you. But if you’re dishonest, they can, because you said you were doing X, they charge you a certain premium based on your risk, and then you weren’t doing it.
Mike Miller 02:42
Okay. Are there any insurance tips and best practices you can share with us?
Craig Taylor 02:48
Yes, as a matter of fact, we’ve blogged extensively and we’ve interviewed some experts in cyber insurance about things you should be doing within a company relating to cybersecurity insurance. So if you want to go deeper into this matter, visit cyberhoot.com/blog and search for the word insurance. We did a two-part series where we interviewed an expert, a noted expert in this area. But for tips for the listeners today, here’s some things you should consider.
If you find yourself in a breach, and you’re doing your investigation, but you haven’t yet reported it to your cyber insurance carrier, because you’re maybe investigating, you’re confirming things, that sort of thing, make sure you don’t renew your insurance if it’s up for renewal in the middle of a cyber breach, because they’ll deny future claims for not having had it reported, and you renew. That’s a very important thing that you have to get straight. Second thing is, there’s hundreds of kinds of cyber insurance, and every business is different in what they need.
So my advice is to consult an insurance industry expert to help, that’s familiar with cyber insurance and all the different coverages, so that you can buy just what you need specific to your firm, to the data you have, and the needs of your business. Finally, if you have been listening to these interviews, and you’re doing the right things, perhaps you’ve hired a vCISO, so you have a mature and robust cybersecurity program with awareness training, and all of the things we’ve been talking about in these interviews, then you should be asking or demanding a discount, and you may have to shop around to find one, but you should get credit for all the good work that you’re doing.
Mike Miller 04:30
Okay. Great tips for companies needing cyber insurance. Thanks for educating us, Craig.
Craig Taylor 04:36