The costs of a cyberattack keep going up every year. A ransomware attack can now devastate a small business owner financially just as much as a flood in their building.
Just about every business owner has some type of property insurance or liability insurance to protect themselves from unexpected costs due to a crisis. Not nearly as many have cybersecurity liability insurance to protect them from losses due to a cyberattack.
Some of the costs businesses now face if they become the victim of a malware infection or data breach are:
- The average cost of a data breach is $4.37 million
- The average cost to remediate ransomware is $1.85 million
If you’ve been worried about network security and becoming a victim of a cyberattack, then you may have considered cybersecurity insurance. Many major carriers now offer this type of insurance to protect businesses.
Some of the typical costs covered by cybersecurity insurance include:
- Cost to repair computer systems
- Cost to restore damaged data
- Cost to notify customers of a data breach
- Cost of providing identity theft services to those impacted by a breach
- Legal costs
A cybersecurity insurance application is not like other types of insurance forms. It’s going to include a lot of technical questions related to your IT systems and IT security protections.
If you answer any of these questions incorrectly, then you could find yourself paying much more than you need to in annual premiums. It’s best to get the help of someone like Texas I.T. Pros to fill this out. We understand the technical jargon and can ensure your application is answered accurately.
Expect to See These Types of Questions on a Cybersecurity Insurance Application
Do You Notify Users Automatically When an Email Originates Outside Your Company?
This question has to do with defending against phishing. One of the ways to give users an alert that they need to carefully inspect a message for phishing is to put a notification in the subject line when the email comes from outside your network.
This can help stop spoofed emails from fooling users and can reduce your cyber insurance premiums if you have it in place.
Do You Use SPF, DKIM, or DMARC Authentication?
Not many business owners would understand what this question means. It’s related to having three email authentication protocols on your mail server. The three work together to help prevent phishing attacks using spoofed email addresses.
It’s a good idea to set up email authentication on your server. Not only is it a security precaution, but it can also help you keep your company emails out of customer spam folders.
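To answer this question accurately you need to know what your domain actually publishes, not just whether a record exists. The following is an added example, not part of the original article: a Python check that reads SPF and DMARC TXT records and flags settings that leave spoofed mail unblocked. The record strings and domain names are constructed samples, and DKIM is not covered because its records are published per selector.

```python
# Added example. The TXT records below are constructed samples; in practice
# they come from DNS lookups of the domain and of _dmarc.<domain>.
SAMPLES = {
    "weak.example": ("v=spf1 include:_spf.mailhost.example ~all",
                     "v=DMARC1; p=none; rua=mailto:reports@weak.example"),
    "strong.example": ("v=spf1 ip4:192.0.2.10 -all",
                       "v=DMARC1; p=reject; rua=mailto:reports@strong.example"),
}

def audit_spf(record):
    """Return a list of findings for an SPF record (empty list = strict)."""
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["no valid SPF record"]
    # Only the first 'all' term counts; anything after it is ignored.
    alls = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not alls:
        if any(t.startswith("redirect=") for t in terms):
            return []  # policy is delegated; audit the redirect target instead
        return ["SPF has no 'all' term, so unlisted senders are not failed"]
    if alls[0] in ("all", "+all"):
        return ["SPF '+all' authorizes every sender"]
    if alls[0] in ("~all", "?all"):
        return ["SPF ends in softfail/neutral instead of '-all'"]
    return []

def audit_dmarc(record):
    """Return a list of findings for a DMARC record (empty list = enforcing)."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    if tags.get("v") != "DMARC1":
        return ["no valid DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append("DMARC p=%s does not block spoofed mail" % (policy or "missing"))
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append("DMARC pct=%s applies the policy to only part of the mail" % pct)
    return findings

def audit_domain(domain, records=SAMPLES):
    """Combine SPF and DMARC findings for one domain."""
    spf, dmarc = records.get(domain, ("", ""))
    return audit_spf(spf) + audit_dmarc(dmarc)

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, audit_domain(name) or "OK")
```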
Do You Actively Monitor All Administrative Accounts for Unusual Behavior?
Accounts that you have within your network and cloud platforms are all subject to credential theft, which can mean a breach or malware infection. Administrator accounts are particularly sensitive because they will have access to more system controls than standard user accounts.
You can put software in place to monitor those admin accounts for anomalous behavior (e.g., logins after hours or downloading sensitive data offsite).
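The two behaviors named above can be expressed as simple detection rules. This is an added example, not code from the original article or from any monitoring product: the event fields, account names, business hours, internal network range and size threshold are all assumptions, and the events are constructed samples.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample events; the field names are assumptions, not a real log schema.
EVENTS = [
    {"time": "2024-03-04T10:15:00", "user": "admin.jlee", "action": "login",
     "src_ip": "10.0.0.21"},
    {"time": "2024-03-05T02:40:00", "user": "admin.jlee", "action": "login",
     "src_ip": "203.0.113.50"},
    {"time": "2024-03-05T02:47:00", "user": "admin.jlee", "action": "download",
     "bytes": 750_000_000, "dest_ip": "203.0.113.50"},
    {"time": "2024-03-05T11:00:00", "user": "msmith", "action": "login",
     "src_ip": "10.0.0.33"},
]
ADMINS = {"admin.jlee"}                  # assumed list of administrator accounts
BUSINESS_HOURS = range(7, 19)            # assumed 07:00-18:59, Monday to Friday
INTERNAL_NET = ip_network("10.0.0.0/8")  # assumed internal address range
MAX_OFFSITE_BYTES = 100_000_000          # assumed threshold for a "large" transfer

def flag_admin_events(events, admins=ADMINS):
    """Return (time, user, reason) alerts for unusual administrator activity."""
    alerts = []
    for ev in events:
        if ev["user"] not in admins:
            continue  # this rule set covers administrator accounts only
        when = datetime.fromisoformat(ev["time"])
        off_hours = when.hour not in BUSINESS_HOURS or when.weekday() >= 5
        if ev["action"] == "login" and off_hours:
            alerts.append((ev["time"], ev["user"], "after-hours login"))
        if (ev["action"] == "download"
                and ip_address(ev["dest_ip"]) not in INTERNAL_NET
                and ev["bytes"] > MAX_OFFSITE_BYTES):
            alerts.append((ev["time"], ev["user"], "large offsite download"))
    return alerts

if __name__ == "__main__":
    for alert in flag_admin_events(EVENTS):
        print(alert)
```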
How Frequently Do You Install Critical and High Severity Patches Across Your Organization?
If you are relying on your users to install updates on their own computers, then you may not know the answer to this question. If so, that’s not good and it will raise your liability in the eyes of the insurance company.
It’s important to have a patch and update management system in place. This is especially true for critical and high severity patches, which fix dangerous code weaknesses that allow hackers to gain access to a system.
Can Users Run Microsoft Office Macro-Enabled Documents on their System by Default?
One of the common tactics used by phishing attackers is to send Word or Excel attachments through email that use macros to automatically install malware on a device when opened.
If your users’ computers allow the running of those macros by default, then it puts you at higher risk of a malware infection. It’s better to disable the default running of Office document macros to avoid this type of phishing attack.
Do All Employees With Financial or Accounting Duties Receive Social Engineering Training?
Social engineering is the tactic used in phishing emails, social phishing, SMS phishing, and phishing by phone. It’s when the perpetrator tries to trick someone through deception into taking some kind of action.
All employees should receive regular security awareness training. On a cybersecurity liability insurance application, you may see finance and accounting employees pointed out because they deal with some of the most sensitive information that a company has.
Reduce Your Risk of Cybersecurity Losses Due to an Attack
Texas I.T. Pros can help your Denton or Wise County business ensure you have adequate cybersecurity protections in place to defend against the latest types of attacks.
Contact us today to learn more! Call 940-239-6500 or reach out online.