(or will you be refused coverage?)
Many companies are understandably concerned about the rapidly growing number of cyber-attacks happening all around us. In 2020 alone, the FBI reports nearly 20,000 business email compromises leading to losses of $1.8 Billion. These attacks are primarily through weak or stolen passwords or from people clicking on a malicious link in an email.
To combat this problem, businesses are turning to insurance carriers for cyber protection to limit their losses from cyber-attacks. The insurance companies are just as concerned about the risk and are putting business requirements in place that force companies to ensure their systems and important data are adequately protected and are a reasonable risk to insure.
These vary by insurer, and we can expect that they will become more and more complex as insurers become more familiar with the marketplace and the risks that they are insuring. You should have these security measures in place to be insurable:
Two-factor (2FA) or Multi-factor Authentication (MFA)
In addition to your user ID and password, this is an additional separate code that identifies you, often on a separate device like your mobile phone. You should implement 2FA or MFA regardless of whether or not you are buying cyber insurance.
Encrypted, offsite backups
The best practice is to encrypt your data backups and to store one copy offsite. In some cases, it may be prudent to store a second copy completely disconnected from the network.
Regular network vulnerability scanning
Your systems should be tested regularly to ensure that external access is operating exactly the way you expect. Testing will also recommend improvements to strengthen the protection.
Regular, on-going Cybersecurity training
Your entire team should receive monthly training that helps them stay vigilant and alert to the many different methods attackers are using.
Depending on your type of business and the amount of coverage you might need, you may have additional requirements that need to be implemented before you can be covered.
Even if you are not currently considering buying cyber insurance, the health of your business depends on protecting it from security breaches. It is essential to your business that you implement as many security precautions as possible and to continuously improve your security defenses because the attackers are continuously improving their methods.
With Revolution Group’s Managed Security Services, we manage your evolving security needs including keeping pace with your insurance company requirements and providing ongoing training to all of your employees. Find out more about IT Security, or give us a call at 614-212-1111 to discuss your IT strategy today!