What to Know About Obtaining Cybercrime Insurance
Incidents of cybercrime have been problematic for a long time, but since the onset of the pandemic, we’ve seen these incidents increase not only in frequency but in sophistication, too. Unfortunately, phishers and hackers have become more adept at successfully targeting small and midsize businesses.
Previously, we’ve addressed how you can improve the security of your online accounts. However, if your organization’s reputation depends on maintaining the security and privacy of customer records, then cybercrime insurance is a must. In today’s climate, it’s no longer a matter of “if” but “when” your private business information could be breached, and to what extent. With the right precautions in place, though, you could reduce, and possibly even eliminate, such risk.
Finding the Right Insurance
The best place to start is your current insurance agent or a general insurance broker that you trust. Cybercrime policies are separate policies that cover specific acts, and you will need to read the policy carefully to determine exactly what you are protected from. You should also distinguish between personal and business policies; you may want both.
In a business policy, some of the items you’ll want to consider protection against include:
- Data breach
- Ransomware attack
- Spoofing and identity theft
- Wire fraud
- Civil fines
- Lawsuits
- Costs of notification, reputation repair, forensics and data restoration, credit monitoring, and other potential damages
A good policy will cover some or all of these costs:
- Business interruption costs
- Data breach costs
- Extortion costs
- Crisis management and public relations costs
- Data recovery costs
- Computer replacement costs
- The cost of reputational harm
As with any other insurance, you will need to complete an application to obtain a quote. Some of the standard questions you’ll be required to answer include:
- Type of products and services sold in the business
- Type of electronic data stored on your computer systems
- Whether laptops are password-protected
- Whether you have written network security and privacy policies in place
- Whether you have physical security procedures in place
- Whether you have the most current software and processes to keep it upgraded
- Whether you have backups
- Whether you monitor unauthorized attempts to access systems
- Whether you are in compliance with PCI DSS (Payment Card Industry Data Security Standard), HIPAA (Health Insurance Portability & Accountability Act), and GLBA (Gramm-Leach-Bliley Act)
- Whether you have a written document retention and destruction plan in place
- Whether you have encryption enabled
- Whether third parties are involved in data handling
- Whether you have a process to check copyrights of materials you use
- Whether you have a risk management education program for employees
- Your current insurance policies
- Whether you’ve had a breach in recent years
- Whether you’ve had any lawsuits or claims in this area
- Whether you use a firewall
- Whether you use anti-virus protection
- Whether you have an employee/third party off-boarding process that terminates access to computers and data
As you can see, the application process itself is an excellent way to “cross your Ts and dot your Is” when it comes to putting safeguards in place for your business. And, of course, your premium will likely be less expensive when you have these precautions and systems in place. It goes without saying that your premium will be less expensive if you get insurance before you are attacked so that you have a clean application.
A key aspect of owning a business is managing enterprise risk effectively. A cybercrime policy will go a long way toward protecting your hard-earned investment and offer you peace of mind, knowing that your business is protected.