First Midwest BankFirst Midwest Bank logoArrow DownIcon of an arrow pointing downwardsArrow LeftIcon of an arrow pointing to the leftArrow RightIcon of an arrow pointing to the rightArrow UpIcon of an arrow pointing upwardsBank IconIcon of a bank buildingCheck IconIcon of a bank checkCheckmark IconIcon of a checkmarkCredit-Card IconIcon of a credit-cardFunds IconIcon of hands holding a bag of moneyAlert IconIcon of an exclaimation markIdea IconIcon of a bright light bulbKey IconIcon of a keyLock IconIcon of a padlockMail IconIcon of an envelopeMobile Banking IconIcon of a mobile phone with a dollar sign in a speech bubbleMoney in Home IconIcon of a dollar sign inside of a housePhone IconIcon of a phone handsetPlanning IconIcon of a compassReload IconIcon of two arrows pointing head to tail in a circleSearch IconIcon of a magnifying glassFacebook IconIcon of the Facebook logoLinkedIn IconIcon of the LinkedIn LogoXX Symbol, typically used to close a menu
Network security ,Security, Internet, Technology,Security, Internet, Data, Privacy, Technology,Network Security, Data, Privacy, Lock, Finance
GET INSIGHTS

Get monthly ideas delivered right to your inbox.

Subscribe for Insights

For Your Small Business Allen Falcon January 17, 2024

5 Steps to Take Before You Apply for Cyber Insurance

Cybersecurity is a critical issue for businesses of all sizes. Partly this is because of the rapid development of artificial intelligence, which is creating new types of threats. Pronouncements like these, from the National Security Administration’s (NSA) annual cybersecurity report, highlight reasons why we should be thinking about not just cybersecurity, but cyber insurance.

Cyber insurance plays a key role in your response to a successful cyberattack, but obtaining the right coverage is challenging. As a specialized coverage, underwriting typically involves assessing your company’s ability to identify, prevent, and respond to an attack or breach.

Applying for cyber insurance before you are ready can lead to denials, mandated security measures, and/or higher premiums. Any of these outcomes will have a lasting impact on your business.

Here are five steps you can take before you apply for cyber insurance that can help ensure you get the right coverage at the right price.

Step 1: Prepare before you apply

Cyber insurance carriers expect you to have adequate cybersecurity measures, including appropriate policies and procedures. For small businesses, this means protection from the most common types of cyberattacks (phishing and ransomware) and the most costly forms of attack (business email compromise (BEC) attacks). While less common, BEC attacks often result in rapid, significant financial losses.

Next-gen endpoint protection, advanced threat protection, multi-factor authentication, and PC continuity are examples of low-cost and free protections.

Step 2: Avoid “reject” or “require”

If the insurance carrier finds your application or security measures are inadequate, they may reject or deny coverage. Carriers may also require you to make specific changes before issuing a policy.

With your cyber insurance application, carriers require a cybersecurity assessment via a questionnaire or survey. In addition to your attestation of accuracy, the underwriter may ask you to validate select answers, require a more formal audit, or hire a third-party auditor.

If your assessment indicates higher risks, the insurer may:

  • Approve your application with (significantly) higher premiums and/or limited coverage
  • Deny or reject your application
  • Require specific cybersecurity measures before approving your coverage

Rejection of coverage is damaging, as you must disclose the denial on future cyber insurance applications.

With conditional acceptance, carriers often require you to add enterprise-class security services that are beyond smaller business budgets. And while some carriers will allow you to withdraw your application, others will treat a decision not to move forward as a denial.

Step 3: Be careful with “yes” and “no”

Most cyber insurance questionnaires use “yes or no” questions. Your “yes” and “no” answers are absolute and binding. Any misrepresentation may be seen as grounds to deny claims or cancel your policy.

For example: If asked about using multi-factor authentication (MFA), a “yes” means that every single account on every system has MFA enabled. If you answer “yes,” experience a breach, and forensics show any accounts without MFA, your insurer may reduce or deny your claim.

If you cannot provide “yes” or “no” as an absolute answer, respond with “see attached” and provide an explanation so the underwriter can assess the risk.

Step 4: Be ready to own your answers

Most small businesses rely on IT service providers, vendors, and legal counsel for assistance with cybersecurity questionnaires. You need to understand the answers, as you are contractually responsible for the information. Incorrect or misleading information may result in reduced or denied claims, policy cancellation, and other liabilities.

If you do not understand, or are not comfortable with any answers, seek additional advice. An objective second opinion helps avoid future problems.

Step 5: Use a specialist

Cyber insurance is a specialized technical insurance product. To obtain appropriate and affordable coverage, work with an agent or broker with specialized cybersecurity and cyber insurance expertise.

While your general business liability agent may offer an “easy application” cyber insurance policy, these policies often lack appropriate coverage. A specialist, particularly one who can solicit policies from multiple carriers, is your best guide through the application and underwriting process.

Taking the time to prepare before applying for cyber insurance, or putting your current policy out to bid, can save you money, time, and aggravation. You also reduce your risk of inadequate coverage and denied claims.

Connect with an Old National Small Business Banker for more insights to help your business grow.

This article was written by Allen Falcon from Inc. and was legally licensed through the DiveMarketplace by Industry Dive. Please direct all licensing questions to legal@industrydive.com.

Subscribe for Insights

Subscribe