While most small to midsize businesses today rely on technology to get things done efficiently, protecting their data from hackers has become a great challenge. This is why having cyber liability insurance has become a necessity in order to offset the growing risk of cyber criminal activity.
(If this is your first time hearing about Cyber Liability Insurance or you’re in need of a refresher—you can read more about what it is and why you need it here.)
In years prior, obtaining a cyber liability insurance policy was relatively simple. The application process really only checked to see if your business had basic computer security like antivirus and firewalls.
However, due to recent high-profile cybersecurity breaches, including the Colonial Pipeline attack, cyber liability insurance providers are more aware of the risk cyber threats pose to businesses today and understand that basic security measures are no longer enough to keep businesses secure. CSO Online explains how recent cybersecurity incidents have had a direct influence on cyber liability insurance policy applications. Policyholders are now noticing that application questions require further evaluation of a business's security processes.
If you are looking to renew your cyber liability insurance policy or purchase one for the first time, here are 11 questions you will need to answer on your cyber liability insurance policy application to gain coverage.
1. Do you perform regular backups and store them in a secure off-site location?
Backups are your lifeline in the case of a cybersecurity incident or system outage. Your files can get corrupted, your data can be lost, and the unexpected really does happen. It's critical that you have reliable backups from which you can restore your data should the worst occur.
Take the recent Colonial Pipeline breach, for example. Decryption was so complex and time-consuming that the company relied on its backup to restore most of its data. Without an effective backup, the cost to the pipeline system's operations would have been significant.
2. Do you limit remote access to all computer systems by using two-factor authentication?
At One Step Secure IT, all employees must have two-factor authentication in place in order to access their main accounts and email. This extra layer of protection has become especially important since many businesses allow employees to work remotely.
3. How many PII records are held on your network?
Personally identifiable information (PII) is any data that could be used to identify a customer. Examples include a customer's full name, bank account number, email address, and Social Security number.
If you are like most businesses, you likely process and handle a great deal of PII. Be sure to handle this data securely and, when possible, avoid storing sensitive data.
4. What steps are you taking to detect and prevent ransomware attacks?
Insurance agencies know that antivirus and anti-malware solutions alone are no longer enough to keep cyber criminals out of your digital environment. A layered cybersecurity approach that combines software tools, 24/7 system monitoring, up-to-date technology, timely patching, and adherence to best practices is the best way to secure your network and protect your business's data.
5. Are you using Office 365?
This is a new addition to most cyber liability insurance applications. If your business uses this platform, insurers may want to know whether you are subscribed to the Office 365 Advanced Threat Protection plan and if you require multi-factor authentication for all users.
6. Do you provide periodic cybersecurity training to employees?
Insurance agencies know that employees can either be your greatest asset or weakest link in protecting your business from cyber threats. What are you doing to continually train your employees on the latest cybersecurity threats and best practices?
7. Are processes in place to request changes to bank account details including account numbers, telephone numbers, or contact information?
This is another nod to ensuring you have 2FA in place when accessing sensitive data.
8. Do you use endpoint protection in the network? What brand?
It’s important to remember to use reputable endpoint protection that delivers both threat detection and response. Also, don’t forget to implement user access restrictions to better protect sensitive company data.
9. How long does it take to install critical, high severity patches?
At One Step, we automatically apply regular patches for ourselves and our customers as they are released.
Critical patches are applied 2-4 weeks after they are released. The 2-4 week delay is because, very often, these critical patches contain bugs that break things within an environment. We wait 2-4 weeks until Microsoft works out the bugs and we can confidently apply the critical patch with little fear of it interrupting productivity. This delay is universally considered an acceptable time frame.
10. Can users access email through a web application on a non-corporate device?
With more and more employees continuing to work from home, insurers want to make sure policyholders are taking steps to securely access company data. Again, this usually involves the implementation of 2FA.
11. Do you have a SOC?
A Security Operations Center (SOC) is a centralized function within your business that employs people, processes, and technology to actively monitor, identify, prevent, and respond to incoming cyber threats.
Since most small to midsize businesses do not have the budget to build a large, in-house IT team, many businesses are opting to partner with a managed service provider to address their growing IT needs.
Already have a CLI policy?
Did you know that having a cyber liability insurance policy is not enough to ensure you will get paid in the event of a breach? Too many businesses have found out after a devastating cyber incident that they were non-compliant and did not receive money from their insurance.
One Step Secure IT’s compliance specialists help CLI policyholders remain compliant, so they have peace of mind they’re covered should the worst happen.
Unsure if you are meeting all the requirements? Let’s chat.