Cyber insurance is becoming a necessity for a number of businesses, and those businesses are feeling the pain of increased premium prices and the addition of high deductibles. This major change in cyber insurance has made business leaders wonder why it is happening and how they can avoid these high, uncontrollable costs and liabilities. The Wall Street Journal published an article covering the increase in premiums and what businesses need to do to ensure they are insurable.
This article focuses on what insurers are doing to limit their risk. Cyber insurance is still immature when it comes to risk analysis and requirements to pay out claims. Because of this, carriers have taken big losses, and premiums have therefore increased 79% from the previous year. Carriers know that they must decrease their risk of future loss, so they are focusing on ensuring businesses have cybersecurity and privacy programs in place.
So, what does this mean for a business? When you sign on the dotted line to purchase or renew a policy, you will be asked a number of critical questions regarding your privacy and security practices. If a business does not have a program in place, it is a higher risk, and carriers are not willing to take that risk without higher premiums and deductibles. Many companies are required to have some level of cyber insurance due to their clients’ requirements, so this puts many businesses in an interesting predicament.
Although most insurance carriers will not “audit” you prior to issuing you a policy, if you have to submit a claim, it will be the first place they go. A privacy and security program is going to be a requirement, and proof that best practices, policies and other controls are in place will be a necessity. Ironically, the need for a “reasonable” privacy and security program has been in place at the state, federal, and international level for some time. Kill two birds with one stone, but most importantly, do what is necessary to defend against data loss.