How to Reduce your Cyber Insurance Premiums


Whether you are a big business or a small one, if you handle sensitive data you might be on the hook when data has been breached, personal identification information has been stolen, or you have simply lost access to the data because of a ransomware attack.

You need cyber liability insurance. However, in recent years it has become increasingly difficult to estimate and budget for those insurance costs.

 

As a first step, you need to review the risks and evaluate their negative impact on your business.

Here are some high-level questions you need to ask yourself:

  • Is your industry and organization a valuable target?
  • What data do you collect?
  • How sensitive is the data?
  • How do you store it?
  • Who has access to that data? (especially, who has privileged access?)

 

There are a couple of high-level risks that cyber insurance should help you mitigate:

| Risk | Cyber insurance covers |
| --- | --- |
| Loss of business | Business operation recovery expenses |
| Loss of reputation | Hiring of PR firms to handle reputational damage |
| Compliance issues, fees, penalties | Evaluate and fix security flaws; notify impacted parties and offer credit monitoring |

 

Insurance Premiums

Your premium costs, or even your ability to get cyber insurance, will depend on the implementation of the following security controls:

Multi-Factor Authentication – How is this applied to remote access to your network and to business-critical applications, including cloud-based ones?

Data back-up & recovery – How often is data backed up? Are the back-up files tested for restore? Are the back-up files encrypted and isolated? The insurer might not pay you if the ransomware gets to your back-ups, or will not pay for the business loss if the actual time to restore is much longer than the time to restore you have estimated.

 

The following areas should also be well documented. Each point has a role to play in the premium reduction:

  • Privileged account management
  • Employee security training (especially phishing)
  • Incident response – planning; executing tests based on multiple scenarios including ransomware
  • Asset inventory – Software updates, end of life software

CollabPro can help you review, assess and implement the security controls in order to improve your business security posture.
