What Is Cybersecurity Compliance?

What is Cyber Liability Insurance?

Cyber Liability Insurance is a general type of insurance that helps with the costs of a cyber incident. It is important to understand exactly what options are available when pricing Cyber Liability policies.

What does it cover?

Most policies provide for first-party and third-party coverages.

First-party coverage is paid when the insured company directly experiences a breach. Third-party coverage is for the costs a business must pay due to claims, settlements, or lawsuits that result from the company’s failure to act (implement security standards) or their actions.

Common Cyber Liability Insurance coverages:

• Ransomware costs: Paying the amount needed for the decryption key and any labor to decrypt your data.
• Breach notification costs: The cost of communicating to your customers that there was a breach.
• Data Recovery, Remediation, and Forensics costs: The amount for experts to recover your data, determine the details of the breach, how it happened, and ensuring the threat is eliminated.
• Legal Fees and Regulatory Fines: Attorney fees, fines imposed by agencies that oversee data protection laws.
• Repairing or replacing compromised systems: The cost of repairs or replacement of systems damaged by an attack.
• Payments to customers whose information was affected: The cost to restore customers Personally Identifiable Information (PII) and credit monitoring to prevent further loss.
• Downtime and Loss of Income: Provides for loss of income due to business stoppages.
• Reputational Harm: The cost of an organization’s efforts to regain customer trust.
• Funds Transfer Loss: Provide coverage for theft when funds are stolen and sent from the insured account.

Cyber Liability Insurance Exclusion Examples (read and understand your policy’s exclusion):

• A lack of Cyber and Network Security procedures and practices. If you are not taking steps to protect your data and the data of your customers, you may not get approved for a policy.
• Preexisting cyber events are incidents that occurred before the policy was purchased. If there is an incident, and forensics show the initial breach occurred before the policy was in place, any claim may likely be denied.
  • Attackers spend approximately 51 days in SMB company networks before being detected according to Sophos. 
  • A study by IBM showed it takes approximately 277 days to detect and contain a breach. 
• Failure to resolve a known security issue and a cyber-attack is leveraged against that vulnerability. If someone is made aware of a security issue, make it a priority to resolve it, and be sure to document what was done and when.
• Cyber Incidents intentionally started or caused by dishonest employees.
• Hardware or network infrastructure failures not due to a Cyber Incident.
• Recently some policies are excluding state or government sponsored attacks.

What Can a Business Do to Lower Cyber Liability Insurance Premiums and Protect its Data?

1. Implement Multi-Factor Authentication every time you have the option. Especially on the systems that contain Customer or Employee Personally Identifiable Information (PII) or connect you to your company’s network remotely.
2. Have strong and secure Backup and Recovery Policy and Procedures. Make sure someone in your organization is reviewing backup reports. Perform periodic restore tests so you know your data can be recovered and approximately how long that process will take. The worst time to test your restore capabilities is when you must restore due to data loss.
3. Implement Security Awareness Training for your staff. Employees are often the first line of defense against attacks. Training and testing employees reduce the likelihood that they will click on malicious links commonly included in phishing emails.
4. Have an Incident Response Plan. The goal of every Information Security Program is to prevent data breaches. Knowing what your organization would do if there was a data breach will reduce the amount of time, money, and impact an incident would have on your organization.
5. Have a Vendor Management plan. Know which vendors your organization uses have access to employee and customer Personally Identifiable Information and if they have access to your network. If they have access to either, ask for documentation on how they are protecting that information. Make sure they are taking the same types of steps your organization does.
6. Use layers of security to reduce vulnerabilities in hardware and software. Make sure you have a patch management process that includes your Network Devices, Server/Workstation Operating Systems, and the 3rd party applications your organization uses. Use NextGen Anti-Virus and Malware Endpoint Detection and Response (EDR) on all your machines. This software looks for malicious or questionable code to prevent changes that could compromise a machine.
7. Encrypt the Personally Identifiable Information of Customers and Employees stored on your network and when it is in use. To do this, it is critical to know where Personally Identifiable Information is stored and how it flows through your network.
8. Vulnerability Scanning and Penetration Testing can be performed to proactively look for potential weaknesses. This give your organization a chance to resolve them before an attacker.

The details of Cyber Liability Insurance policies vary with almost every insurance provider. What is automatically included, optional, and what are the coverage limits and deductibles? It is important that every business understands the policy details.

Make sure you review the specific amounts a policy includes for different types of incidents. Do not just look at the total amount. For example, if your Cyber Liability policy covers your business for $500,000, there may be a limit of $20,000 for Public Relations Services. It is important to understand the individual coverage limits inside your policy.

Insurance companies do not like to pay claims, especially those that could have been prevented. The more claims an insurance company pays, the higher the premiums for everyone. As an insurance customer we want our premiums to be as low as possible and the best way to keep Cyber Liability Insurance premiums low is to put security layers in place to prevent a breach in the first place.

To check if your company is Cyber Compliant, schedule a 10-minute discovery call with our team now. Call us at (888) 831-9400 or fill out the form below!