There’s no replacement for robust cyber security and training programs, but having these programs in place doesn’t mean you should avoid implementing a cyber liability insurance policy. Cyber insurance has proven to be a critical component of an enterprise risk management program, and if properly aligned with business needs, it can provide coverage for many of the costs associated with a cyber breach.
To ensure your organization has appropriate cyber insurance and a plan for responding to security incidents as they happen, you need to develop and implement an incident response plan. Developing the plan will force you to examine your risks from inside and outside your organization. Once you have identified and categorized your risks, you will be able to make the appropriate business decision to either accept the risk (take no action because it doesn’t concern you enough), mitigate the risk (develop new policies and procedures to reduce risk), or transfer the risk (purchase cyber liability insurance to help with the cost in the event of a security incident).
The categorization of your risks will guide you in selecting an insurance policy that aligns with business needs. Whether you are developing your response plan internally or with a third party, your organization will be responsible for complying with the terms of the policy to ensure you qualify for usable coverage. Terms include things like identifying when (how quickly) you need to contact your insurance provider and who is approved to handle the data involved in the breach.
In addition to helping select the appropriate insurance policy, developing an incident response plan will take you through the steps to identify key contacts from skilled firms that specialize in various areas of expertise. Adding these contacts to your incident response plan will ensure you are prepared to take immediate action when an incident arises.
Each group of specialists provides services to help ease the burden of cyber events. Let’s look at a few of these specialists and how they can help you:
- Information Security/Forensics Firms — These are information security experts, like Pratum, who can assist with developing an incident response plan. These same experts can also help determine the extent of a security breach and provide remediation services.
- Agents/Brokers — These individuals help you understand your exposure and tailor insurance programs to meet the unique needs of your organization.
- Insurance Carriers — Carriers let you transfer liability to them as a third party via an insurance contract. Coverage provides balance sheet protection, and oftentimes policies provide access to, and pay for, pre-qualified breach response experts and vendors.
- Breach Coaches — These specialized attorney firms help navigate the turbulent waters after a cyber breach. You gain legal privilege by working with these firms, and they’re experts in handling cyber events and coordinating the specialists on this list to mitigate exposures to your organization.
- Notification/Call Centers/Credit Monitoring/Identity Monitoring Services — These are professional firms that provide services required in the event of a breach. Many of these services are required by various state and federal laws.
- Public Relations — A firm will provide crisis management communications that help with loss of reputation and consumer confidence. What you say as well as how and when you say it matters.
Cyber liability insurance is an important part of an information security program and gives your organization a helping hand through the access it grants you to cyber experts. Make sure to incorporate these experts into your incident response plans and do your research on which firms best fit your organization’s needs. Planning is a critical step in ensuring events are handled properly and in helping your organization avoid additional liabilities from third parties. If you’ve planned properly, you will not be alone when an incident occurs, and you will be in a better position to minimize damage.
A special thank you to Miles Weis at Holmes Murphy for helping provide some of the content featured in this article.