With Cyber Insurance “I Didn’t Know” Is Not An Excuse

cyber insurance I didnt know is no excuse

Read about a cyber attack recently?

Of course you have…

So, there’s no excuse for not having cyber insurance for your business.

The interesting thing is that it’s actually a good time to buy cyber insurance because three things are going on:

1) Insurance companies don’t really know how to price it.

2) A lot of competition exists in the insurance marketplace for solving cyber risks using artificial intelligence and software.

3) Only about 25% of the businesses in the US have any cyber coverage…

These three situations converge to provide a lot of capacity for cyber insurance, in a market that’s competitive and changing rapidly because of technology.

Caveat Emptor When Buying Cyber Insurance

Cyber insurance is considered “non-standard” coverage.

What does this mean?

It means that no two policies are the same, no coverages are the same, language is different from carrier to carrier, exclusions run the full spectrum…

Basically it’s nuts.

Indeed, you might think you have cyber now… When in fact you have some crappy, bare bones “identity theft” coverage or credit monitoring service that has the word “cyber” in it.

Ugh.

Don’t believe the hype.

Do your research, read your policy (yes you will need a lot of coffee), or better yet, ask your business insurance broker to do it…

That’s why you should work with a broker in the first place… So they can advise you when you are at risk of buying crappy insurance.

“I Didn’t Know” Is No Excuse

If you have a board of directors or investors, or you hold customers’ personal data, if you’re a SaaS company with a distributed team, if you use talent from UpWork, or have data hosted in the cloud…

Guess what?

You’ve got a supply chain.

It may be invisible, but you’ve got a supply chain.

What does your supply chain security look like?

Do you hold your vendors to the same crappy standard you hold yourself (i.e. if you don’t have cyber insurance already?)

Or are you just assuming that everything going on downstream and upstream is rock solid from a cyber security standpoint?

Guess what? It’s not rock solid.

Probably a few of your vendors or partners were at a Starbucks or Dunkin’ this morning, not using a VPN, just this morning sending emails back and forth about your business…

What about your employees? What happens when they lose a laptop?

The average employee receives hundreds of spam emails over the course of the year… Many of which are malicious…

Are they all super “buttoned up” when it comes to not clicking on something bad?

Probably you know the answer to that.

“I didn’t know” is no longer an excuse when it comes to cyber insurance.