Running the Cyber Insurance Application Gauntlet | Dynamic Computing

Having cyber insurance is critical in today’s business. At the same time, simply applying for coverage is increasingly complicated. 

Not that long ago, application forms for cyber coverage were relatively simple — a single page or two to fill out. Now the average application can be 10 pages or more and will have increasingly complex and confusing terms.

It’s not just the number of questions that have increased, however. More and more, insurers want granular answers about a company, with questions touching every facet of the business. This means details on:

• The business as a whole, including number of employees, annual revenue, and whether they handle sensitive data.
• Current security practices, from which tools are used to where data is stored to whether encryption is in place for data at rest and in transit.
• Access controls such as multi-factor authentication and restrictions on privileged accounts have been implemented.
• Firewalls and intrusion detection/prevention systems, as well as whether all devices and systems are patched and updated regularly.

But wait, there’s more. 

It’s now common for insurers to ask probing questions about employee security training, cybersecurity practices of third-party vendors, details of past cyber attacks or breaches, and the use of advanced threat detection systems as well.

Now obviously, providing answers to these and all the other questions on an application can be a time-consuming process. That’s not a problem for big corporations, but for small and mid-sized businesses that lack an internal IT department, completing a cyber insurance application can be challenging, even paralyzing.

That’s where relying on experts makes a huge difference.

They have questions, we have answers

As a managed IT services provider, it’s our job to stay on top of the increasing number of hoops insurers put in place to get cyber insurance coverage.

We know that our clients — small and mid-sized businesses — don’t have the time, resources, or expertise to confidently answer complicated cybersecurity questions. So as part of our comprehensive IT audit we do for clients, we focus on: 

1. Helping them meet cyber insurance requirements by assessing their current cybersecurity posture, implementing necessary controls like multi-factor authentication, endpoint detection & response, regular security patches, and providing documentation and evidence of compliance.
   
   
2. Conducting risk assessments and mitigation to identify vulnerabilities in their systems and addressing them proactively.
   
   
3. Educating our clients on the specific risks their business faces, and matching those risks to the right insurance so they don’t overpay for coverage.
   
   
4. Creating and maintaining a robust incident response plan tailored to their business, including 24/7 monitoring and support.
   
   
5. Providing routine comprehensive reporting to demonstrate their business is following best practices when/if an insurer requires an audit of its own.

By doing all this from the jump, we are able to put our clients in a position where they’re able to get the right cyber insurance to meet their needs — and we even help fill out the application for them.

Making the complicated much simpler

It’s not a secret that insurance companies like to make applying and receiving coverage a complicated process.

This is particularly true for cyber insurance, since cyber attacks are both a) increasing in number and frequency, and b) increasingly expensive for insurers to cover.

By partnering with a managed IT services provider, small and mid-sized businesses can level the playing field by simplifying the application process, while also reducing their risks and, ultimately, having better protections in place when — not if — a cyber attack occurs.