If you are a service provider, there are two things about cyber insurance that you should discuss with your clients and make sure they understand. Watch this 2 minute video to better understand why:
So, what are those two things?
- In today’s environment, every company has substantial cyber risk and every company needs cyber insurance. Period. Cyber insurance is not covered by typical business insurance and companies must have the right cyber insurance for their unique risks — this is not one-size-fits-all.
- Many cyber insurance policies strictly limit which service providers can be used for incident response services. Effective incident response takes a team. Frequently used service providers in incident response are often cyber forensics, cybersecurity, incident response, public relations, breach logistics, forensic accounting, and of course, legal. If your client wants to use your company, or other service providers they know and trust, they must make sure and get them written into the policy or get a policy without such restrictions. It is much easier to do this while they are procuring insurance but, even if they already have it, they should still make the request as soon as possible — the time to sort this out is now, not after they have an incident. See these articles for more explanation:
- Cyber Insurance and Incident Response: What to Know, Secure World (quoting Tuma)
- With Ransomware Attacks Increasing, Cyber Insurance Now Seen as a Necessity, not a Luxury – Security Magazine
- Cyber Insurance Becoming a Necessity, No Longer a Luxury for Prepared Companies, CPO Magazine
If you are interested in learning more about how cyber insurance and these two issues in particular impact incident response planning, watch the following video: