Cyber Insurance is a growth industry, especially in the USA, where this type of insurance seems to sit alongside other business requirements quite naturally.
So how does it work, and how do you make it more affordable?
When setting a company’s premium, the cyber insurance company will assess the risks against a number of factors, much as they would for household insurance.
For example, whilst your home postcode may indicate the likelihood of a burglary, your locations online and the digital footprint of your company will also indicate the potential availability of your data. Do you have a website? Do you perform transactions online? These will increase the risk rating you receive.
Hiring someone to review the security of your home to identify weaknesses – perhaps a door lock that can be easily picked – is something that not many do, but the digital equivalent, penetration testing, is certainly something that insurers want to see you have performed. Identifying weaknesses and managing them proactively is an important part of preventing security issues.
A burglar alarm gives the home insurer comfort that someone will be notified if a break-in occurs, but how do you manage this for your computer systems? Do you record and report on unusual activity? Would someone breaking into your network be detected?
Having a security guard in place to manage security at your home would be most desirable; the corporate equivalent, the Information Security Officer, is equally important and of value to the insurer. Do you have anyone in that role?
Finally, and most important of all, is Information Security awareness training. How would your insurer view a burglary if you had left your home unlocked with the front door wide open? Teaching and training staff not to perform the digital equivalents of this is perhaps the most important step you can take.
After all, no amount of insurance will replace your hard-earned reputation.