So you’re buying or renewing your cyber liability insurance and the provider has a ton of questions for you. How do you respond to get the best and price and the best coverage?
Cyber liability insurance is still a fairly new concept, so our clients often turn to us for guidance on which policies to explore and how to respond to subsequent system audits.
Having been through the process many times, we’ve compiled our top tips below.
1 – Don’t treat it like a client audit.
Your goal with this audit is to minimize financial damage caused by a security incident, not to give a client appropriate confidence in the effort you’re putting into your cybersecurity posture. (In other words, don’t necessarily follow the tips we outlined in our previous blog here.)
2 – Accuracy is imperative.
If you say you have something in place and functioning that you actually don’t, this could result in a claim being denied down the road. Remember: for better or for worse, insurance companies are all financially motivated to cover as little as possible. If your response gives them any kind of “out,” they will take it.
3 – If it’s not written, it doesn’t exist.
Your IT person or Accountant having a policy in their head does not make it official. For each response your provide you must to be able to supply hard evidence as proof that you’re telling the truth.
4 – Keep it business-level.
Audit aside, make sure your policy choice makes sense. What scenarios are likely given your line of business? How much would an incident cost you? Given that data, which policy is worth you paying for?
When we help our clients with these audits, our goal is to strip away the anxiety tied to the subject of cybersecurity, and to emphasize that this is just another business decision for you to make.
If you anticipate a security audit in your future and want to ensure that your security practices are adequate, check out our resources here or reach out to us for some help!