Cyberattacks are increasing every year—across industries, and among companies of every size. As a result, companies are turning to cyber liability insurance to protect their organizations and reduce their risks. But many companies are in for a rude awakening, because they’re not handling their insurance correctly.
When you apply for cyber liability insurance, you need to fill out a questionnaire to confirm that you’re doing X, Y and Z to protect your company from cyberattack. For example, Access is controlled by role based authentication and an internal firewall? Incident Response Plans (IRP) includes network administrator to monitor unusual deviation from typical network traffic? Most of us don’t have a clue what the heck those line items mean. Often, companies shrug their shoulders and simply mark “yes” all the way down the checklist.
That kind of approach to cyber liability insurance can come back to haunt you, because you’ll lose your coverage if your statements on the questionnaire don’t match reality. If you simply state on the insurance application that you’re applying security patches on a routine basis, yet that’s how someone got into your system, your insurance is likely null and void. You stand a good chance your organization won’t be covered.
That can damage your budget plan, your reputation and your customer retention. It could even have legal implications, depending on the nature of the event.
If you don’t understand what those questions mean, how can you be sure you’re doing what’s required? TCT Portal can help with that.
TCT Portal Keeps You Protected
TCT Portal helps you reduce your cyber risk and keep your cyber liability insurance coverage by making it crystal clear exactly what protections are in place—and what you still need. You can easily track your evidence for each line item, so you know without a doubt that you’re doing everything you’re supposed to be doing to reduce your risk and keep your insurance coverage.
For example, PCI Section 5 is all about antivirus. Often, an organization will say, “Yes, I’ve got antivirus,” and think they’re covered. But TCT Portal takes you line by line through the requirement: do you have antivirus on all your servers and your workstations? Is your antivirus up-to-date? Is the antivirus engine being updated on a regular basis? Are you keeping logs of your antivirus activity, and reviewing them in accordance with PCI requirements?
You can see the powerful difference TCT Portal makes in reducing your risk of cyberattack.
Insurance Policy Pitfalls
While you need good cyber liability insurance coverage, you need to be careful about falling into a couple of insurance policy pitfalls. You can’t just get the coverage and forget about cyber protection—but that’s exactly what many companies do.
Insurance Doesn’t Proactively Protect You
Having a cyber liability insurance policy is important, but it’s not going to reduce your risk or protect you from the long-term damage that comes with an attack. Cyber liability insurance doesn’t offer any proactive protection and won’t reduce your risk of attack. I’ve talked with organizations that have said, “We have cyber liability insurance. If something goes wrong, we’ll just use that.” That’s like leaving your gas stove on because you have homeowner’s insurance. You could lose your house at any moment. The insurance policy is your emergency parachute, not your primary form of defense.
If you have a fire, your insurance policy might kick in, but you’ve still lost the house and everything in it. Likewise, when you have a cyberattack, you can get it addressed and move on, but real damage has been done. Google doesn’t delete the news that your company wasn’t prepared. Your clients won’t give you a clean slate just because you had insurance. You have a black mark on your record because you didn’t take security and compliance seriously. It’s more than just getting through the event.
Both TCT and an insurance policy are critical to protect the organization proactively through risk mitigation and risk recovery. Our process is proactive. It has real impact on strengthening your organization’s security, helping to mitigate the possibility that you’ll need to make an insurance claim. Both sides of the coin are absolutely necessary, because even with the most advanced proactive protections, you could still get hit with a cyberattack. In that case, you’ll need solid insurance coverage, backed by evidence of a strong, proactive approach to a secure posture for the organization.
Don’t Set It and Forget It
Some companies approach cybersecurity as a one-time thing—buy the insurance and cross that off your list. But insurance agencies expect you to invest into ongoing maintenance of your security program. That’s where TCT Portal’s operational mode comes into play. Operational mode helps you adhere to the ongoing operational responsibilities for a proactive stance toward security, year-in and year-out—so your insurance coverage is always valid and you don’t have any nasty surprises waiting for you when you need to make a claim.
Be Proactive With Your Protection!
Looking for a good cyber liability policy? We can recommend Gallagher Insurance Company. But don’t stop with cyber liability insurance. Take proactive steps to actually reduce your security risks. Request a demo to see how TCT Portal takes away the mystery of risk reduction.