There are two critical cyber insurance issues that every single company must understand right now, before they have an incident:
- In today’s environment, every company has substantial cyber risk and every company needs cyber insurance. Period. Cyber insurance is not covered by typical business insurance and companies must have the right cyber insurance for their unique risks — this is not one-size-fits-all. As I say here, “if you don’t know you have the right cyber insurance, you probably don’t.”
- Many cyber insurance policies strictly limit which service providers can be used for incident response services. Effective incident response takes a team. Frequently used service providers in incident response are often cyber forensics, cybersecurity, incident response, public relations, breach logistics, forensic accounting, and of course, legal. If your company wants to use a service provider they know and trust, they must make sure and get them written into the policy or get a policy without such restrictions. It is much easier to do this while they are procuring insurance but, even if they already have it, they should still make the request as soon as possible — the time to sort this out is now, not after they have an incident. See these articles for more explanation:
- Cyber Insurance and Incident Response: What to Know, Secure World (quoting Tuma)
- With Ransomware Attacks Increasing, Cyber Insurance Now Seen as a Necessity, not a Luxury – Security Magazine
- Cyber Insurance Becoming a Necessity, No Longer a Luxury for Prepared Companies, CPO Magazine
If you are interested in learning more about how cyber insurance and these two issues in particular impact incident response planning, watch the following video:
2 thoughts on “2 Critical Cyber Insurance Issues All Companies Must Consider Now, Before an Incident!”
You must log in to post a comment.