July 12, 2022
By: Chris Clymer

If Cyber Insurance is Step Two, What's Step One?

If securing your systems with cyber insurance is your first step, it’ll also be your first mistake. Don’t get us wrong, insurance is a must-have in your cybersecurity arsenal. However, minimizing risk needs to happen well before you put a policy in place. In fact, insurers want to know more about your security maturity and may even decline coverage if it’s not up to par. Therefore, reordering your approach is more important than ever before.  

Step 1. Assess your risk

So, what’s first? Asking all the right questions. As threats get bigger, bolder and trickier, outsmarting them gets trickier too, which means questioning absolutely everything.

For instance, have we ever run a vulnerability scan? If so, have we remediated the results? Does our patching process include products beyond Microsoft’s? Are the backups up to date and offline? How about MFA (multi-factor authentication)? Do the employees know how to identify threats? How much downtime can we afford? What’s our worst-case scenario? Do we have an Incident Response Plan? Do we understand the true threats of ransomware, cybercrime, wire transfer fraud and everything else imaginable?

Once you’ve asked the hard questions—and answered or addressed them all—then you’re ready to think about transferring some of your risk to a third party through insurance. 

Step 2. Insure your remaining risk

Acquiring a comprehensive cyber policy is a necessary, big-picture solution that’ll help protect both you and your company from financial risk and loss. 

With both large carriers and innovative start-ups offering a wide range of policies, choose one that aligns with the risks you’ve already identified. For example, if a breach of credit card data is one of your biggest concerns, you want to be sure your insurance policy covers PCI fines. You’ll also want to understand your “retention,” or deductible, which must be paid before the insurance benefits kick in. Many carriers are looking for a retention of $500k to $1M in riskier verticals. Ensuring that you have precisely the coverage you need will save you a world of frustration when enduring a cyber issue and throughout the recovery process.

Go deeper with Inversion6: Get in-depth insights on how to navigate the cyber insurance market here.

Step 3. Never stop

Just as insurance isn’t the first step in managing cybersecurity concerns, it’s also not the last. New threats are continually zig-zagging the globe. Staying on top of the latest security products, regulations and even insurance requirements is equally challenging. That’s where an expert partnership is worth considering. Employing an experienced CISO can help keep both the rapid pace of change and your budget under control.

Ready to examine your security strategy? Inversion6 has teams of CISOs, analysts and engineers available 24x7 to walk you through these three steps and well beyond.  Contact us today to get started.

Post Written By: Chris Clymer
Chris Clymer has more than 20 years of experience in various roles in IT and IT security, including assessor, developer, analyst engineer, manager and chief security officer. Chris has worked in numerous industries with unique challenges and specializes in security management, risk management, information technology and more. He has been with Inversion6 since December of 2015 as Director and a Chief Information Security Officer (CISO).
