If Cyber Insurance is Step Two, What's Step One?
If securing your systems with cyber insurance is your first step, it’ll also be your first mistake. Don’t get us wrong, insurance is a must-have in your cybersecurity arsenal. However, minimizing risk needs to happen well before you put a policy in place. In fact, insurers want to know more about your security maturity and may even decline coverage if it’s not up to par. Therefore, reordering your approach is more important than ever before.
Step 1. Assess your risk
So, what’s first? Asking all the right questions. As threats get bigger, bolder and trickier, so does outsmarting them—which means questioning absolutely everything.
For instance, have we ever run a vulnerability scan? If so, have we remediated the results? Does our patching process include products beyond Microsoft’s? Are the backups up to date and offline? How about MFA (multi-factor authentication)? Do the employees know how to identify threats? How much downtime can we afford? What’s our worst-case scenario? Do we have an Incident Response Plan? Do we understand the true threats of ransomware, cybercrime, wire transfer fraud and everything else imaginable?
Once you’ve asked the hard questions—and answered or addressed them all—then you’re ready to think about transferring some of your risk to a third party through insurance.
Step 2. Insure your remaining risk
Acquiring a comprehensive cyber policy is a necessary, big-picture solution that’ll help protect both you and your company from financial risk and loss.
With both large carriers and innovative start-ups offering a wide range of policies, choose one that aligns with the risks you’ve already identified. For example, if a breach of credit card data is one of your biggest concerns, you want to be sure your insurance policy covers PCI fines. You’ll also want to understand your “retention,” or deductible, which must be paid before the insurance benefits kick in. Many carriers are looking for a retention of $500k to $1M in riskier verticals. Ensuring that you have precisely the coverage you need will save you a world of frustration when enduring a cyber issue and throughout the recovery process.
Step 3. Never stop
Just as insurance isn’t the first step in managing cybersecurity concerns, it’s also not the last. New threats are continually zig-zagging the globe. Staying on top of the latest security products, regulations and even insurance requirements is equally challenging. That’s where an expert partnership is worth considering. Employing an experienced CISO can help keep both the rapid pace of change and your budget under control.
Ready to examine your security strategy? Inversion6 has teams of CISOs, analysts and engineers available 24x7 to walk you through these three steps and well beyond. Contact us today to get started.