It is important that all businesses devote time to cybersecurity. It is now a trend globally for hackers to prey on vulnerable companies. One way to protect yourself, at least financially, is to invest in cyberinsurance.
If you decide to buy a policy, here are five tips to help make the application process a little easier:
This type of coverage is designed to mitigate losses from a variety of incidents — including data breaches, business interruption and network damage.
1. Be detail-oriented when filling out the paperwork. Insurers usually ask an applicant to complete a questionnaire to help them understand the risks facing the company in question. Answering the questionnaire fully and accurately may call for input from your leadership team, IT department and even third parties such as your cloud service provider. Take your time and be as thorough as possible. Missed questions or incomplete answers could result in denial of coverage or a longer-than-necessary approval time.
2. Establish (or fortify) a comprehensive cybersecurity program. Your business has a better chance of obtaining optimal coverage if you have a formal program that includes documented policies for best practices such as:
- Installing software updates and patches,
- Encrypting data,
- Using multifactor authentication, and
- Educating employees about ongoing cyberthreats.
Before applying for coverage, either establish such a program if you don’t have one or strengthen the one in place. Be sure to generate clear documentation about the program and all its features that you can show insurers.
3. Create and document a disaster recovery plan. An effective cybersecurity program can’t focus only on preventing negative incidents. It must also include a disaster recovery plan specifically focused on cyberthreats, so everyone knows what to do if something bad happens.
If your company has yet to create such a plan, establish and implement one before applying for cyberinsurance. Put it in writing so you can share it with insurers. Review your disaster recovery plan at least annually to ensure it’s up to date.
4. Prepare to be tested. Some insurers may want to test your company’s cyberdefenses with a “penetration test.” This is a simulated cyberattack on your systems designed to uncover weak points that hackers could exploit. Before applying for cyberinsurance, conduct a thorough assessment of your networks and, if necessary, train or upskill your employees to follow protocols and be wary of “phishing” schemes and other threats.
5. Consider a third-party assessment. To better uncover weaknesses that could result in a denial of coverage or unreasonably high premiums, you may want to engage a third-party consultant to assess your cybersecurity program, as well as your equipment, network and users. Doing so can be beneficial before applying for cyberinsurance because some IT security firms maintain relationships with insurers and can help streamline the application process.
Like most types of coverage, cyberinsurance is a risk-management measure worth exploring with your leadership team and professional advisors. Contact your Rudler, PSC advisor at 859-331-1717 for help determining whether buying a policy is the right move and, if so, for assistance analyzing the costs involved and developing a budget.
RUDLER, PSC CPAs and Business Advisors
This week's Rudler Review is presented by Jim Gyimah, Senior Accountant and Eric Ficke, CPA.
If you would like to discuss your particular situation, contact Jim or Eric at 859-331-1717.
As part of Rudler, PSC's commitment to true proactive client partnerships, we have encouraged our professionals to specialize in their areas of interest, providing clients with specialized knowledge and strategic relationships. Be sure to receive future Rudler Reviews for advice from our experts, sign up today !