What to Expect When Applying for Cyber Insurance

With all that has been happening lately in the news and the introduction of strict data breach laws, you may be considering cyber insurance for your business. In our opinion, it is a good idea.

Cybercrime is a growing problem, and no single solution can ensure protection. Insurers will ask you a series of questions about your IT security practices in order to assess your risk. Here are some of the typical questions you may be asked. It is important to be honest and upfront when answering these questions, as any misrepresentation of your security practices could invalidate your insurance policy.


Information: What kind of information does your business keep on file?

Customer names, addresses, and contact information?

Customer names, addresses, and contact information?

Information held for the purposes of earning your business's income.

Sensitive information that could be used to harm an individual or company if it is leaked?

Does the company share sensitive information with third party contractors, suppliers, or customers?

Does the company share sensitive information across international borders?

Backups:

Does your company regularly perform backups?

What is the frequency of your backups?

How do you back your information up?

Is the location of your backup disconnected from your network and offsite?

How often do you check the backup by performing a full restore?

How long do you estimate it would take to be fully operational after a cyber incident?

Security:

Do you have antivirus protection in place and on all devices? (Including cell phones that connect to the company or guest network)

Is the antivirus monitored to ensure its currency?

Do you have a firewall?

Is your firewall regularly updated?

Do you regularly update the versions and patches for your devices operating systems?

Do you use MFA (Multifactor Authentication) for all email access?

Do you use MFA for Cloud based services? (e.g. SharePoint, Google Workspace etc.)

Do you require a VPN (or Zero Trust) for all remote access to your company network?

Are all contractors and work from home employees using the company approved devices, antivirus and VPN or Zero Trust connectivity?

Do you train your employees to identify and manage phishing and scams?

Do you test your employees to ensure correct practices are followed?

Are there restrictions on the employee’s ability to download and install software?

Are employees’ access rights removed immediately after the termination of employees?

Do you have a password policy and method for regular password changes?

Financial:

Do you transfer any single payments more than $10,000?

If so, do you verify the payee’s details and bank account number against previously proven legitimate details for that payee?

Do you rely on a method other than email or telephone to the payee to confirm those details?

Explanations of the Cyber Insurance Questionnaire:

Information: The specific information that a business needs to hold will vary depending on the type of business and the industry in which it operates. However, all businesses need to hold some basic information in order to operate effectively and to comply with the law. Examples - those in healthcare would store patient files with a lot of highly sensitive information, a motor mechanic may well store files about vehicles, their owners and when services or WOF’s are due. Both businesses would have customer and supplier email addresses, phone numbers and possibly payment arrangements. Any escape of this information constitutes a data breach.
Backups: Backups are virtually the only way to recover from a ransomware attack. Insurers dislike paying ransoms, as it only encourages further criminal activity, and in many cases your data is not returned to you anyway. In fact, if New Zealand follows trends happening in some other countries it may soon become illegal to pay ransoms. Your cyber insurer will want to feel confident that you have a robust backup scheme in place.
Security: One of the obvious secrets to reducing the risk of a cyber-crime incident, is to minimise the opportunity for it to happen in the first place. Your insurer will want to know that you have a proper multilayered defense in place and that your staff are well trained as most cyber incidents generally start with an employee clicking on a link in an email or on a website.
Financial: Extortion is a common motive for cybercrime against businesses and organisations. Given the cyber insurer is assuming a financial risk, they want to be confident you have the proper financial checks and balances in place to prevent incidents like the recent $2.8 million Team New Zealand scam. (Large transactions need to be protected from Hackers living in your email or phone system)

Conclusion: Follow the links below to see how CT Business Solutions can help you reduce your cyber-risk?

Related Services:
Managed Cyber Security
Managed IT Services
Advanced Email Protection
Check | Has your Email been Breached?
Are you a Sitting Duck?
Business Backup Solutions



Our Youtube link: https://www.youtube.com/@ctbusinesssolutions
Google review link: https://g.page/r/CTiCdJZbvW8xEBk/review



This Article is about: What to Expect When Applying for Cyber Insurance | Author: Dennis Jones | CT Business Solutions | Last Updated 19/06/2023

About the Author: Dennis Jones is a technology entrepreneur, founder of CT Business Solutions Ltd, and an active member of the IT Alliance. With over two decades of experience in IT support, Dennis is well known for his experience and expertise in the technology services field. He holds a postgraduate Diploma in business management, enjoys writing technology blog articles, and is committed to providing exceptional customer service. Dennis' passion for technology, entrepreneurship, and customer satisfaction have made him a respected author and thought leader in the IT industry.