There are a lot of misconceptions about cyber insurance. It is not too difficult to understand when you think about it like this:
Have you ever thought that as long as you have car insurance, it is okay to drive drunk?
Or have you ever thought that as long as you have homeowners insurance, it’s okay to start a bonfire in your basement?
If you have a car accident or your house burns down, your insurance will pay, right? Of course not!
So then, why would you think that as long as you have cyber insurance, you don’t have to protect your system? You do!
If you were one of the early cyber insurance policyholders, you likely only had to answer a handful of questions and were guaranteed a policy at a very reasonable rate. Now, however, if you try to renew or obtain a policy for the first time, you may have to answer a questionnaire of up to 300 questions and are not guaranteed to be able to obtain the policy/renewal. If you get the policy, it will be much more expensive.
The primary reason for this increasing difficulty and cost is that threats are ever-increasing.
Suppose you own a modest one-story home in a quiet neighborhood at the end of a cul-de-sac, with a low crime rate and not in a hurricane, tornado, wildfire, or earthquake zone. In that case, your homeowner’s insurance will cost much less than if you owned a 3,000-square-foot, state-of-the-art, high-tech beach house on the coast of Florida. More threats, more risk.
Additionally, once you obtain a cyber insurance policy, the requirements to maintain a strong cyber security posture will increase as the threat increases. The insurance companies must take this into account. You may be safe today, but if you don’t maintain good cyber hygiene, you will be at more risk later.
Like car insurance companies that allow customers to opt in to monitoring for decreased premiums, cyber insurance providers may allow clients to maintain lower premiums by agreeing to monitoring by the insurer.
This monitoring is one of the many critical tools that a cyber security firm can provide, in addition to the other measures they can take to help protect your network and foster a mature cyber security environment.
Some industries are already seeing cyber insurance policy providers team up with cyber security firms to help their clients be better situated to prevent, detect, respond to, and recover from an attack, which would, in turn, mean a less costly claim.
One thing that cyber insurers want their clients to understand is that cyber insurance is NOT a defense. It should only be part of their mitigation or support if and when an attack happens. Car insurance will not keep you from an accident but will help restore or replace your vehicle if you are in an accident and get you back on the road quicker than if you didn’t have insurance.
While different cyber insurance providers require different security measures to be in place to be covered, the one that almost all require is that their clients use multi-factor authentication. Additionally, if you are using a cyber security specialist or consultant, they can help you implement the measures that an insurance provider requires and attain coverage.
The bottom line is that cyber insurance is NOT a substitute for cyber security. They work together to protect you and help you stay in business and operational.
Commonwealth Sentinel is here to help you navigate the ever-evolving and growing cyber security threats we all face. We can evaluate your existing IT security and work with your team to improve it. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.