May 4, 2017, 10:40 AM | Open Mic
Questions to ask when considering a cyber insurance policy for your business
Editor's note: For an in-depth look at cyber insurance, see our May 2017 In Business magazine feature article on the subject.
Data breaches and other cybercrimes affect small and medium-sized businesses, as well as the large companies so often featured in the news.
In our experience as treasury management advisors, which includes helping businesses ensure adequate and appropriate fraud controls, we’ve seen some scary fraud attempts. We suggest that all business owners ask an experienced banker about his or her exposure to fraud cases over the year. We hope you’ll be scared, too, because by understanding the all-too-real risks to your business, you can help prevent fraud.
Prevention is absolutely the most important thing to focus on. Consider this conclusion from Certified Fraud Examiners in a 2016 report issued by the Association of Certified Fraud Examiners (ACFE): “Small organizations had a significantly lower implementation rate of anti-fraud controls than large organizations. This gap in fraud prevention and detection coverage leaves small organizations extremely susceptible to frauds that can cause significant damage to their limited resources.”
Our message is always to work toward strengthening and maintaining your approach to fraud prevention.
Then, secondarily, you may also wish to contact an insurance professional to discuss whether a cyber insurance policy may be a fit for your business. We have personally seen a few examples where such policies recouped their costs after instances of fraud.
From our perspective in treasury management, we’d offer several questions you may like to discuss with an insurance professional if you are exploring a cyber insurance policy for your business:
- Does the insurance company offer one or more types of cyber insurance policies or is the coverage simply an extension to an existing policy? In most cases, a standalone policy is best and more comprehensive. Also find out if the policy is customizable to an organization.
- What are the deductibles? Be sure to compare deductibles closely among insurers, just like you do with health, vehicle, and facility policies.
- How do coverage and limits apply to both first and third parties? For example, does the policy cover third-party service providers? On that note, find out if your service providers have cyber insurance and how it affects your agreement.
- Does the policy cover any attack to which an organization falls victim or only targeted attacks against that organization in particular?
- Does the policy cover non-malicious actions taken by an employee? This is part of the errors and omissions (E&O) coverage that applies to cyber insurance, as well.
- Does the policy cover social engineering, as well as network attacks? Social engineering plays a role in all kinds of attacks, including phishing, spear phishing, and advanced persistent threats (APTs).
- Because APTs take place over time, which can be months to years, does the policy include time frames within which coverage applies?