Top Tips Las Vegas Businesses Must Follow For A Successful Cyber Insurance Application

Don't Let Cyber Liability Insurance Carriers Reject Your Las Vegas Business

Have you been considering cybersecurity insurance but aren’t sure if you qualify? Before securing coverage from a carrier, you need to do your due diligence and enhance your cybersecurity.

Key points in this article:

• As cybercrime becomes more common and expensive, cyber insurance carriers are raising their standards.
• Qualifying for coverage is harder than ever before.
• The only way to qualify for a policy (and secure a payout in case of a breach) is with a comprehensive range of cybersecurity solutions and best practices.

Struggling To Find Cyber Insurance In Las Vegas?

During the past 12 months, a clear trend has emerged as many of our client’s cyber insurance came up for renewal.

Before the renewal, cyber insurance carriers require more sophisticated written cyber policies, tools, training, and disaster recovery systems. In many cases, are also significantly increasing premiums for individual cybersecurity risk items that are not being addressed.

This is because cybercrime is becoming more common and more expensive…

The Rising Costs of Cybercrime In Nevada

Security Magazine says a small business's average data breach cost is $36,000 to $50,000. Not to mention the lost productivity and reputational damage to your company.

Of course, this number is much greater when we look at large successful businesses. Here are the stats:

• 90% of cybersecurity incidents can be traced back to human error
• The average cost of a data breach is $3.86M
• 60% of breached companies go out of business within half a year of a cyber incident

In light of this, business owners have started investing in cyber insurance coverage to protect them against these expenses. Cybersecurity insurance is protection designed to help cover the potentially massive expenses associated with an unavoidable data breach. It can be a worthwhile investment, so long as you know how it works.

Cybersecurity Insurance Depends On Your Cybersecurity Standards

The inevitable threat of cybercrime has led businesses to consider cybersecurity insurance as a final layer of reassuring protection. However, as it becomes more critical, it’s also become more difficult to qualify.

It’s becoming increasingly necessary, as many insurance providers have begun drawing a clear line between normally covered losses and those incurred by cybercrime-related events.

That means that if your cybersecurity doesn’t meet the standards of your insurance provider, you may not be as well covered as you think.

Potential Questions Your Cybersecurity Insurance Carrier Could Ask…

1. Does your business have a policy against opening unverified email attachments?
2. Does your business keep malicious and spam emails out of staff inboxes?
3. Does your business double-check email attachments before they are delivered?
4. Does your business have an email threat protection solution in place?
5. Does your business have an endpoint protection solution in place?
6. Does your business use an Endpoint Detection & Response (EDR) solution?
7. Does your business use multi-factor authentication (MFA) or Two-Factor Authentication (2FA) on all user accounts?
8. Does your business test cybersecurity standards with regular vulnerability scans?
9. Does your business prohibit incoming connections using hardware and software firewalls?
10. How many users have local administrator rights enabled?
11. Do you have a content filtering solution?
12. Does your business monitor traffic into and out of the network?
13. Do your staff members have access to a password manager?
14. Are admin accounts tracked and monitored to limit and log access?
15. Have you recently tested backups of all mission-critical data, applications, and configurations?
16. Do you have encryption for backups (both at rest and in transit)?
17. Do you store backups on and offsite?
18. Do an air-gap, and separate authentication mechanisms protect your offsite backups?
19. Does your business use a cloud syncing service? (e.g. OneDrive, DropBox, SharePoint, Google Drive)
20. Is your cloud data backed up?
21. Can staff members access business email on their personal devices?
22. Can staff members send or receive PII, ePHI, or PCI data through business email?
23. Do you have an email encryption solution in place?
24. Is your staff regularly tested and trained on phishing and other social engineering attack vectors?
25. Do you have a log aggregation solution in place?
26. Do you have a Security Incident and Event Management (SIEM) system in place?
27. Do you have an update and patch management system in place?
28. Does your business monitor its network 24/7?
29. Do you work with a third-party IT company?
30. Do you rely on a third-party Security Operations Center (SOC)?
31. Is all data encrypted (at rest and in transit)?
32. Does your business have a documented policy for addressing unsafe conduct by employees?
33. Is your business compliant with applicable regulations and standard systems?
34. Do you have a policy limiting employees’ access to business data to resigning or terminated employees?
35. Do you have a Mobile Device Management policy to limit risks posed to business data by your employees’ personal devices?

To be clear, this is just a sampling of the types of questions you can expect from your cyber insurance carrier—most questionnaires are four pages at least.

Regardless, it’s plain to see that there’s a lot involved in qualifying for cybersecurity insurance. Are you prepared to be able to answer these questions?

If you are not sure or unable to answer some of these questions, feel free to reach out to Orbis Solutions for a complimentary discovery call to help better protect your business. Without a comprehensive cybersecurity strategy and proper team engagement, you may not qualify.

Don’t Rely On Cyber Insurance As A Catch-All Safety Net

In the event of a hack, a business may not qualify for full coverage if its cybersecurity standards have lapsed or if it can be found to be responsible for the incident (whether due to negligence or otherwise).

The core issue is that as cybercrime becomes more common and damaging, insurers will become more aggressive in finding ways to deny coverage. It’s in the interest of their business to pay out as little as rarely as possible, which means the policies will tend to rely on a series of complicated clauses and requirements that covered parties have to comply with.

A key example is when Mondelez International was denied coverage for the $100 million of damage they incurred from the NotPetya attack. Their insurer, Zurich Insurance, cited the obscure “war exclusion” clause, claiming that Mondelez was a victim of a cyberwar.

This is not an isolated incident. As discovered by Mactavish, the cybersecurity insurance market is plagued with issues concerning actual coverage for cybercrime events:

• Coverage is limited to attacks and fails to address human error
• Claims are limited to losses that result directly from network interruption and not the entire period of business disruption
• Claims related to third-party contractors and outsourced service providers are almost always denied

Need Help Qualifying For Cybersecurity Insurance?

Orbis Solutions can deliver the cybersecurity support needed to ensure that you qualify for a robust cybersecurity policy and help you meet the standards in the claim process.

Our team provides cybersecurity and technology services for businesses like yours—we are available to help you develop a robust cybersecurity defense. We can ensure you qualify for a policy and minimize the chance that you’ll have to claim your cybersecurity insurance.

Get in touch with the Orbis Solutions team to discover how our cybersecurity suite will manage your insurance policy compliance.