An unfortunate fact of life in today’s digital world is that no one, be it an individual consumer of technology or a Fortune 100 business leader, can count on complete protection against becoming the next victim of cybercrime.
“These attacks are not going away. In fact, we are facing an increase in frequency,” says Jared Pelissier, Senior Vice President and Partner at Woodruff-Sawyer & Co.
“While everyone is improving their corporate cybersecurity systems with varying technologies, which will play an important part in proactively defending against breaches and attacks, the basic nature of the matter is that it is nearly impossible to detect or block every threat. You need to be prudent in assessing potential damages and liabilities that a breach could impose on your company. This will help ensure you have adequate insurance coverage in place to best protect your balance sheet.”
Smart Business spoke with Pelissier about how to work with a broker to identify exposures and obtain optimum coverage that protects your business.
Where is a good place to begin to protect your business against cybercrime?
It is all about your company’s risk profile. The best approach is to implement a holistic process.
You need to do more than simply get an insurance policy to protect your business. Partner with an insurance brokerage that has aligned itself with top-notch cyber defense firms to expertly assist with the assortment of cybersecurity services. These cybersecurity firms know exactly what to look for and can assess if a breach has occurred.
One crucial step is performing an assessment to determine if your system has already been compromised. On average, it takes 240 days before a company realizes its system has been breached. Often times the malware is collecting private information undetected and it generally takes five or six months before the IT team realizes the system has been compromised.
You can obtain a full report on where, when and how the compromise happened, as well as how to remedy the situation.
The other piece is penetration testing. As you determine if your systems have already been compromised, you should also gauge how easy or difficult it would be to gain access to your secure data.
Alongside those two tests, create an emergency incident response inclusive of forensic investigation capabilities. You will need a firm that is going to stop an active security incident, evaluate the extent of the attack and then look to remediate the situation and prevent subsequent incidents.
The goal for any risk management team is to create a situation where the company is less likely to have a breach or claim, but should one occur, ensure the company is more defensible in terms of liabilities.
Work with your broker to develop a meaningful process that provides proactive protection against these vulnerabilities. Use the assessment data and improved risk profile to craft custom language into your cyber liability insurance. You have to know who to go to and what to ask for to design the best cyber liability insurance program.
What if your company has already been a victim?
It’s very unsettling to operate under the belief that your company’s data is secure, only to learn that your network was breached six months earlier.
This can be particularly hard on the team you rely on to manage and protect your technology infrastructure.
Unfortunately, you’re not the first and won’t be the last company to feel this vulnerability. In the event of an incident, you need to focus on your data breach response plan and do what is necessary to safeguard your company going forward.
Take an aggressive approach to protect your company and demonstrate to insurance carriers that cybercrime is a threat you take seriously. Educate your employees about their role in keeping your company’s valuable data and assets safe and secure.
Proactive work at all these levels helps reduce your risk of a claim, resulting in better insurance premiums that reflect your improved risk profile. ●
Insights Business Insurance is brought to you by Woodruff-Sawyer & Co.