Question: What should I know about cyber insurance? Is it worth it?
Cyber insurance is a must thanks to today’s threat landscape, but keep two things in mind:
- Cyber coverages vary drastically between providers, so you MUST know what you’re signing up for (or missing).
- Do your homework – a lot of it – before choosing a cyber insurance coverage and provider.
The most important things to look for, as it relates to cyber insurance, are as follows:
- Choose a reputable provider that has a good reputation for providing quality cyber insurance products and coverages, along with excellent customer services and good customer reviews.
- You must have a very good understanding of what is AND is not covered with your cyber insurance policy. Talk through a variety of scenarios with your potential provider to ensure you don’t have a major gap in coverage. For example: are you covered for ransomware? To what extent? Under what circumstances? What circumstances would prevent coverage?
- Have an idea of what a cyber incident is going to cost you. It's important to not just think about recovery, but full restoration of business operations, potential customer notification costs, legal fees, and other regulatory repercussions as well. Make sure your coverage is appropriate to cover the whole gamut.
- If a digital forensics and incident response (DFIR) investigation is needed, understand whether or not you can select your own DFIR resource (or get your current DFIR partner vetted through the provider), or if you’re stuck using the insurance company’s DFIR resource. Remember – insurance companies are always looking for a reason NOT to pay claims, so using a DFIR resource can be beneficial in this scenario.
- Know the expectations (i.e. cybersecurity standards) the insurance provider has for YOUR organization and make sure you’re in compliance. Nothing will get a claim DENIED faster than not meeting the cybersecurity expectations of the insurance provider.
Continued Learning:
Meet Our Expert!
Jon Waldman, CISA, CRISC
As an experienced cybersecurity executive and educator, Jon Waldman has worked for over 15 years to help hundreds of organizations be able to identify and understand cybersecurity risks, allowing them to make better and more informed business decisions. Jon is the Chief People Officer for SBS CyberSecurity, as well as the President of the SBS Institute.
You can ask our security experts your cybersecurity questions and they'll answer in an #askSBS blog post. Submit your questions in one of three ways:
- Submit your question here: https://lnkd.in/efCF7NK
- Use #askSBS in your own post with a question.
- Comment on one of our #askSBS social media posts with your question(s).
We're looking forward to hearing and answering your questions!
Hacker Hour webinars are a series of free webinars hosted by SBS CyberSecurity. Unlike paid webinars, Hacker Hours are aimed to meet on a monthly basis to discuss cybersecurity issues and trends in an open format. Attendees are encouraged to join the conversation and get their questions answered. SBS will also offer products and services to help financial institutions with these specific issues.