5 Tips to Reduce Your Cyber Insurance Premiums
If your small business is handling sensitive data and relies on an assortment of applications and digital tools, then you should be investing in cyber insurance. Some smaller businesses may consider this type of protection to be a luxury. But nothing could be further from the truth.
According to the most recent statistics in the Cost of a Data Breach Report, conducted by IBM in conjunction with the Ponemon Institute, the average cost of a data breach has risen 12% over the past 5 years to $3.86 million. A nation-wide survey in Ireland also discovered that 40% of SMEs in Ireland have been the victim of a cyber attack in the past few months.
No business is immune to cybersecurity risk.
While cyber insurance may offer some financial cover, the hefty monthly premiums may make you think twice about signing up. But, did you know that there are several steps you can take to keep your monthly premium payments to a minimum?
Why Cyber Insurance?
Your data as well as the systems that record, store, and analyze it, are critical business resources. These days, your business’ data is much more than sensitive customer data, like payment information and customer profiles. It also includes things like product specifications and proprietary information, marketing data, customer behavior, customer service history, the content on your website, and internally generated documents and memos.
Businesses of all sizes are vulnerable to the loss of their data or the breakdown of their internal systems. Seasoned business owners know first hand that hardware and network malfunctions, data security breaches, lost or stolen devices are par for the course when running a business.
But when these things happen, it can significantly disrupt your operations and negatively affect your business’ reputation. There are also substantial financial costs involved in finding the cause of and remedying a breach, including the cost of notifying customers, handling negative publicity and having to pay an assortment of financial penalties.
Cyber insurance polices were designed as a risk management tool to help businesses cope with a range of digital disruptions that can interfere with normal operational activity. As such, these policies generally cover liabilities and other costs associated with a loss or theft of data, such as:
• Expenses associated with conducting a forensic investigation into the source and nature of the data breach
• Expenses associated with stemming negative publicity and rebuilding the business’ reputation
• Security breach remediation through a dedicated call center
• Loss of business income as a direct result of the data loss or compromised systems
• The cost of damage to computer hardware
• Digital asset replacement expenses
• PCI-DSS payments
• Cyber extortion expenses
• Security and privacy liability
5 Tips to Lower Your Cyber Insurance Premiums
While few may argue against the need for cyber insurance, the reality is that many SMEs choose to opt out. Cyber insurance is considered by insurance carriers to be a risky product and this is reflected in the high monthly premiums they charge for the service.
But, if you are running an SME on a limited budget, it doesn’t mean you have to forego cyber insurance coverage. By putting systems in place to reduce the overall cost of a data breach thereby reducing anticipated claim amounts, your business can lower your monthly premium payments for coverage.
Here are several steps you can take to reduce your cyber insurance expenses:
1. Creating an incident response plan.
A cyber security incident response plan is your guidebook whenever your data or any part of your network has been compromised in some way. It’s going to include several things, such as:
• Identifying the most vital and sensitive data and where it’s stored in your business network
• Defining who can access it and when
• Deciding how breaches be will recorded and contained
• Defining how cyber security decisions will be made and by whom
• Deciding how breaches will be reported to affected parties
• Committing to staying prepared for modern day threats and compliant with regulations, such as GDPR.
2. Putting good data security tools and practices in place.
If data security is truly important to you and your customers, then you need to ensure that you have the systems and processes in place to maintain it. This generally includes several rather vital elements:
• You have firewalls in place to protect your network and applications
• You regularly apply security patches and updates to all critical software applications You use multi-factor authentication for remote access to sensitive data or areas in your network
• You have data encryption in place when exchanging information with devices outside of the network.
• You follow strong password best practices and password management as well as controls to manage network access and permissions among your staff.
3. Getting and giving data security training.
The most advanced data management and security tools and practices in the world won’t help if your employees are ignorant of them. You need to ensure that your employees receive continuous awareness training in your data security processes and procedures.
4. Using third-party services to help with data security and backup.
Among many smaller companies, it is not possible to hire a dedicated and experienced cyber security team. To fill in the gap, there are numerous vendors and service providers that are trained to take care of some of these responsibilities on behalf of other companies. Some examples of this are:
• Vulnerability scanning
• Security incident management and response
• Cyber forensics
• Data backup
5. Continually evaluating and improving current data security systems.
Cyber security is an on-going, constantly evolving activity. It thus requires continuous monitoring, data collection, and analysis combined with up-to-date industry knowledge. Though some insurance companies actually require external assessments, even where this is not the case, having an objective party evaluate your data security systems can be very revealing.
In today’s business environment, having some kind of cyber insurance is almost always a good thing– especially if the majority of your operational activity happens in the cloud or on older in-house legacy systems. If you are considering a cyber insurance policy then I personally recommend Alliance Insurance Brokers. They are one of the best brokers of this type of insurance, and they are experts at creating custom business insurance packages to suit your specific data security requirements.