Pratum Blog

There’s no replacement for robust cyber security and training programs but having these programs in place doesn’t mean you should avoid implementing a cyber liability insurance policy. Cyber insurance has proven to be a critical component of an enterprise risk management program, and if properly aligned with business needs, it can provide coverage for many of the costs associated with a cyber breach.

To ensure your organization has appropriate cyber insurance and a plan for responding to security incidents as they happen, you need to develop and implement an incident response plan. Developing the plan will force you to examine your risks from inside and outside your organization. Once you have identified and categorized your risks you will be able to make the appropriate business decision to either accept the risk (take no action because it doesn’t concern you enough), mitigate the risk (develop new policies and procedures to reduce risk), or transfer risk (purchase cyber liability insurance to help with the cost in the event of a security incident).

The categorization of your risks will guide you in selecting an insurance policy that aligns with business needs. Whether you are developing your response plan internally or with a 3rd party, your organization will be responsible for complying with the terms of policy to ensure you qualify for usable coverage. Terms include things like identifying when (how quickly) you need to contact your insurance provider and who is approved to handle the data involved in the breach.

In addition to helping select the appropriate insurance policy, developing an incident response plan will take you through the steps to identify key contacts from skilled firms that specialize in various areas of expertise. Adding these contacts to your incident response plan will ensure you are prepared to take immediate action when an incident arises.

Each group of specialists provides services to help ease the burden of cyber events. Let’s look at a few of these specialists and how they can help you:

  • Information Security/Forensics Firms — These are information security experts, like Pratum, who can assist with developing an incident response plan. These same experts can also help determine the extent of a security breach and provide remediation services.
  • Agents/Brokers — These individuals help you understand your exposure and tailor insurance programs to meet the unique needs of your organization.
  • Insurance Carriers — Carriers help you transfer liability to the carrier as a third-party via insurance contract. Coverage provides balance sheet protection, and often times, policies provide access to and pay for pre-qualified breach response experts and vendors.
  • Breach Coaches — These specialized attorney firms help navigate the turbulent waters after a cyber breach. You gain legal privilege by working with these firms, and they’re experts in handling cyber events and coordinating the specialists on this list to mitigate exposures to your organization.
  • Notification/Call Centers/Credit Monitoring/Identity Monitoring Services — These are professional firms that provide services required in the event of a breach. Many of these services are required by various state and federal laws in the event of a breach.
  • Public Relations — A firm will provide crisis management communications that help with loss of reputation and consumer confidence. What you say as well as how and when you say it matters.

Cyber liability insurance is an important part of an information security program and gives your organization a helping hand with the access it grants you to cyber experts. Make sure to incorporate these experts into your incident response plans and do your research on which firms best fit your organization’s needs. Planning is a critical step in ensuring events are handled properly and in helping your organization avoid additional liabilities from third parties. If you’ve planned properly, you will not be alone when an incident occurs, and you will be in a better position to minimize damage.


A special thank you to Miles Weis at Holmes Murphy for helping provide some of the content featured in this article.

2019 Prometheus Awards CEO of the Year

The Technology Association of Iowa Announced the Finalist for the 2019 Prometheus Awards

Dave Nelson, CEO at Iowa-based cybersecurity firm Pratum, has been named a finalist for the 2019 Prometheus Awards’ CEO of the Year. The most prestigious recognition for Iowa’s technology industry, The Prometheus Awards presented by LWBJ brings together leaders from technology, business, education and government to celebrate the year’s most momentous innovations.

The winner in each of the 14 award categories will be announced during the Prometheus Awards celebration on Thursday, April 11, 2019, at the Community Choice Credit Union Convention Center in Des Moines.

Here are the 2019 CEO of the Year finalist:

  • Jim Masterson, LightEdge Solutions
  • Ben Milne, Dwolla
  • Dave Nelson, Pratum
  • Hank Norem, Maple Ventures
  • Beth Trejo. Chatterkick

Reserve a table or purchase individual tickets here.

Learn More About Prometheus Awards
Smart Security Video Series with Pratum and The Technology Association of Iowa

Pratum, Iowa-based information security consulting and managed security services firm, today announced its cybersecurity video series partnership with The Technology Association of Iowa (TAI). The monthly series “Smart Security” will consist of 60-90 second videos providing viewers with cybersecurity content delivering actionable takeaways and thought-provoking ideas.

"TAI is excited to partner with Iowa cybersecurity leader, Pratum, to produce a new monthly video series “Smart Security”. TAI members will learn information security insights from Iowa professionals and gain the knowledge needed to protect a company's most valuable asset: its data," said Brian Waller, President of The Technology Association of Iowa.

New cybersecurity videos will be delivered each month through the TAI Newsletter and social media channels. The videos encourage executives to think strategically about cybersecurity and how it impacts their business.

“You can only cover so much in 60 to 90 seconds, but the goal is to get the cybersecurity dialogue started. For those who want more information, each video will be accompanied by supplemental written content with more comprehensive insight,” said Dave Nelson, President and CEO of Pratum.

“Smart Security” will debut January 31, 2019 in TAI’s monthly newsletter. To subscribe to the newsletter, visit technologyiowa.org.

Get our blog posts delivered to your inbox: