One of the questions I am asked a lot these days is related to cyber insurance, specifically – “should I purchase a cyber insurance policy for my business?”  

It’s a great question and a very important topic, and so I’ve decided to focus on it in this blog.  

There’s a lot of confusion around this subject, so let’s start with some definitions.  

Cyber Insurance is an insurance policy that provides protection against financial losses from cyber incidents – such as data breaches, ransomware attacks, data theft, and more. These incidents are often very expensive to fix, and cyber insurance can lessen the financial blow in the same way that property insurance would assist you if your office burned down. Note that cyber insurance does not protect you from the incident happening in the first place – it’s only there to help you mitigate the financial loss if something goes wrong.

Cyber Security Services, offered by IT companies like Proactive, exist to protect you against these incidents happening in the first place. Competent cybersecurity protection will drastically reduce the chances of a cyber-attack.  

Cybersecurity is preventative; cyber insurance is there to help you mitigate the damage if something does go wrong. 

So, should you invest in cyber insurance for your business? Yes, you probably should. Some industry segments may be at higher risk – for example, professional services firms – but statistics show that every business is a potential target, no matter how large or small. Here are several important questions to consider:

  • What are the likely consequences if a cyber-attack is carried out against you? Some businesses can recover fairly quickly and easily, with relatively little damage. Others – especially professional services firms that deal with lots of sensitive client information – can be devastated by a cyber-attack.

  • What have you done to mitigate the risk of cyber-attack? A competent IT provider will help you mitigate these risks by implementing proper cyber hygiene practices in your organization – and these days, most cyber insurance providers won’t issue a policy unless your organization is following best practices. (Also – in many cases your insurance premium can be reduced if you can show the insurer that you’re following proper cyber hygiene.) 

  • If your business is attacked, do you know how to respond? A competent IT provider will help you prepare a response plan, and will also be available to assist immediately in the event of an attack. Most cyber insurance policies provide for forensic analysis in the event of a breach, which should help you mitigate the damage as well as reduce the risk of future attacks.

Bottom line: cyber insurance is a great way for businesses to insure against the financial damage that a cyber-attack can create. But it’s not a substitute for putting proper cybersecurity measures in place – and in fact, most insurance companies won’t cover your organization until you’ve got these measures in place. So I’d encourage you to start by focusing on your network security. Once you’ve got these systems in place, you can consider whether cyber insurance makes sense as an additional financial protection. 

If you’d like to have a conversation about cybersecurity or your business IT strategy in general, we’re here to help.  

Please reach out to us via email at info@weareproactive.com or 704-464-3075 extension 3.         

Dedicated to IT security and productivity,     

– Steve
 

Steve Kennen, president of Proactive IT and cybersecurity expert

About Steve Kennen

Steve Kennen is the President of Proactive IT and an expert in information technology infrastructure management, cybersecurity, and cyber risk management practices for businesses. A seasoned entrepreneur and technology veteran with over 25 years of experience, Steve leads the team that keeps our clients secure and their business operations running smoothly.