By Mark Shaw
The 2022 outlook for business is 100 percent about cybersecurity insurance. The best thing you can do for your business has nothing to do with buying technology, it’s about protecting your existing investment in exactly what you own right now.
How do you do that? By purchasing a cyber insurance plan for your business.
In doing so, you may ask any number of questions like:
Why a small business like yours with so little a hacker might find valuable would need an insurance policy to cover your technology?
Why your IT technology firm wouldn’t be enough to help you?
Why your cybersecurity firm who works with your internal or external IT department isn’t enough to protect you?
These are great questions, and the answers are simple.
Your cyber and IT staff can’t protect your business all the time. Something will happen beyond everyone’s control and their insurance won’t cover you, and you will be stuck in a bad situation.
Every day we see more and more impact from cyber security. The fallout from major attacks like the Microsoft Exchange, SolarWinds, Kaseya just to name three that are recent are having major ripple effects throughout the entire technology world.
What businesses of every size are starting to learn is that there is no safe space in the modern connected world we live in. Nothing is bullet proof, and nothing can be completely secured. What is even more stark is the fact that the large software vendors like the Microsofts of the world take zero responsibility if anyone uses their product to destroy your business.
They don’t have any liability to you, your technology firm, your insurance firm, no one. They simply state that by using their software you hold them harmless for all malicious things that could happen.
This is normal in the software and technology services space. When their AWS service went down for hours, Amazon took no responsibility at all, and anyone who used those services already agreed to accept that risk. The long story short is simple: No one will care about your business more than you will. So, protect it. Buy insurance.
Insurance companies’ losses are in the billions right now. They are running scared from high-risk companies that do not do the basics to prepare themselves. The forms they are asking you to fill out to get the insurance are more complex and technical than ever.
See how many of these questions a business owner, can answer with certainty.
1. Do you implement Multi factor authentication (MFA) for remote access/ for privileged accounts?
2. Do you have off site (e.g. cloud) back-ups less than a month old?
3. Can you recover all of your business-critical data and systems in 10 days?
4. What EDR Technologies are in place?
5. Do you have a written policy regarding network access?
6. Do you enforce SPF (Send Policy Framework) on incoming emails?
These are just six questions and many of the newest insurance forms asking multiple sub questions to each one of these. For example, on the off site backups, you would be asked where they are located, how many copies, are they encrypted, are they encrypted in transit and at rest and when was the last time you tried to restore.
This level of understanding where your technology risk lies is no longer sitting with the IT department. As a business owner, these are now business questions on insurance applications.
Are you ready to answer these correctly? Are you willing to go without insurance? Are you willing to pay higher premiums for the gaps in your technology? Are you ready to roll the dice with your company’s data?
Hopefully this starts you thinking beyond the technology and starts a conversation with your IT department about where you stand and what you need to do. Business is all about balancing risks. Sometimes the risks cannot be avoided, and for these times we highly recommend getting insurance to cover those gaps.
It’s smart business, and in 2022 we all need to be smart with our businesses.