Getting a quote for cyber insurance is not an easy process and quotes are not guaranteed. Unprepared applicants may be declined or will be offered substantially weaker coverage and much higher premiums.
The application process can be extremely helpful as discussed above. Brokers should prepare their clients in advance of sending applications to market. The following are some steps and practices to to prepare for the cyber insurance application.
- Start encrypting data: Under most jurisdictions if stolen data had been encrypted - like the laptop of a doctor with sensitive patient information - then requirements to notify those that may be affected by the theft is not required. The data is assumed to be useless to the hacker. Now multiply this same benefit to millions of credit card numbers for a corner store or restaurant and the potential for reduced loss is massive.
- Start MFA as a practice: Multi-Factor Authentication is a process where the user logging into a network remotely first enters their password, but is then asked to verify themselves by means of entering a code sent to their cell phone.
- Start verification of funds transferred by electronic means - wires or ACH.
- Endpoint detection and response (EDR), also known as endpoint threat detection and response (ETDR) or the constant surveillance of devices that access a network is a growing topic and one that clients should be prepared to discuss, especially for mid-sized company applicants.