Published 2022-05-04 by TechNet New England
Cybersecurity insurance has gone from a nice-to-have to a business necessity. As cyber threats intensify, insurers are tightening their requirements, raising premiums, and in some cases denying coverage to businesses that cannot demonstrate adequate security practices.
What Cyber Insurance Covers
- Incident response costs: Forensic investigation, legal counsel, and crisis management
- Business interruption: Lost income during system downtime caused by a cyber incident
- Data breach notification: Costs of notifying affected individuals as required by law
- Regulatory fines: Penalties assessed under regulations and standards (HIPAA, PCI DSS, state privacy laws)
- Ransom payments: Some policies cover ransom payments, though this is increasingly restricted
- Legal defense: Costs of defending against lawsuits resulting from a breach
What Insurers Require
To qualify for cyber insurance at reasonable rates, you typically need:
- Multi-factor authentication: Required on email, remote access, and admin accounts
- Endpoint detection and response: Advanced security software on all devices
- Regular backups: Tested, offline or immutable backup copies
- Patch management: A documented process for timely security updates
- Security awareness training: Regular training for all employees
- Incident response plan: A documented plan for handling security incidents
Our Advice
Cyber insurance is not a substitute for security. It is a complement. Treat the insurance requirements as a baseline security checklist. Implement the controls, get the coverage, and you have both prevention and financial protection.
Need help meeting cyber insurance requirements? Contact TechNet New England and we will assess your current posture and identify any gaps.