Guard against Cyber Attacks with Cybersecurity Insurance

Ransomware attacks are among the latest, costly means by which hundreds of organizations and tens of thousands of computers have been infected throughout the world. 

Mitigating cybersecurity risks

Recognizing that a cyber breach is a likelihood, companies need well-planned processes to mitigate and manage operations before they become targets. As part of your planning, it is good practice to identify a cross-disciplinary team to engage when the crisis arises. With a team and plans in place, you can respond quicker to cyber threats or actual events. For resources, visit the FBI website.

Writing for WEF, Dmitry Samartsev, chief executive office of BI.ZONE, a digital risk management company, observed that a company’s employees are “the first line of defense against an attack.” He offered advice for cyber hygiene:

• Provide anti-phishing training. Teach personnel to recognize phishing emails and other tactics used to phish for a way into your company’s systems and network, and to immediately report, but not respond to, suspected phishers. Sometimes social engineers place friendly calls to probe for information. 
• Stage simulated attacks. This may require engaging professional trainers.
• Give password help. Teach how to create strong passwords. Provide software to lock up employee passwords. 
• Educate employees about how to handle customer information, billing and other sensitive data.  
• Instill good habits. Never leave a passworded computer screen unattended. Never share passwords. Never reply to a suspected phisher. Never open unverified links.
• Give contact information for reporting a breach or possible phishing attempt.
• Make an ongoing investment in cutting-edge cyber defenses and training.

Anticipate breaches and prepare for fallout with insurance

The ways that nefarious individuals break into business information systems are pervasive, and the costs are high. Neither commercial general liability nor property insurance typically provide cyber coverage.

A standalone cybersecurity policy can potentially save your business, large or small, from decimation in the event of a successful cyberattack. As explained by the U.S. Cybersecurity & Infrastructure Security Agency (CISA), available coverages include the “costs arising from data destruction and/or theft, extortion demands, hacking, denial of service attacks, crisis management activities due to data breaches, and legal claims for defamation, fraud and privacy violations.” But most cybersecurity policies “do not cover physical damage and bodily harm caused by a cyberattack against critical infrastructure,” so another policy would need to be in place if that is a concern.

An INSURENEX team member can help you determine if a cybersecurity policy would be a smart purchase for your business. After assessing your needs, your agent can recommend a selection of coverages that best suit your company’s unique needs.