Key 7 Questions Asked on a Cybersecurity Insurance Application

With the cost of a data breach or malware infection being so high, many companies today are getting cybersecurity insurance. This type of insurance protects businesses from the devastating losses that can result from just one attack.

Sometimes these costs can be as much as the damage that happens to a building due to flood or fire. So, it makes sense that in addition to insurance to cover physical losses, companies would also want to be covered for monetary losses due to a cybersecurity incident.

The average cost to recover from a ransomware attack has risen from $761,106 in 2020 to $1.85 million in 2021.

While proactive network security and monitoring are vital to helping prevent the chance of an attack, insurance provides a safety net if the unexpected does happen. 

It will typically pay a company up to a specified amount to recoup expenses from remediation of an attack, a ransom paid in the case of ransomware, notification costs for a breach, and similar attack-related costs.

But when signing up for cybersecurity insurance, if you’re not prepared for some of the questions asked in the application, you could end up paying more than you need to for your premiums.

For example, C Solutions recently helped a client that brought their cybersecurity insurance application to us. We saved that client $1,500 per year on insurance premium costs.

Knowing in advance what key questions are asked on a cybersecurity insurance application can help you be better prepared so you’re not paying more than you need to. You may also want to put a few security protocols in place that you may not currently have to reduce your rate, similar to how you can add a safety feature to a vehicle to get a lower auto insurance rate.

Here are some of the top questions that you’ll see.

If You Process, Store, or Handle Credit Card Transactions, Are You PCI-DSS Compliant?

Most organizations will take credit cards as a form of payment, but many are unaware of their responsibilities under PCI-DSS (Payment Card Industry Data Security Standard). This is a data privacy standard to help maintain the privacy of cardholders by ensuring merchants are handling that data properly.

According to Verizon’s PCI DSS Compliance report, as many as 80% of companies that process credit cards are not in compliance with PCI. 

Ensuring compliance before signing up for cybersecurity insurance can help reduce the premiums you’ll pay.

Who Is Responsible for Your Network Security?

Be prepared to detail not only who is in charge of your network security (outside IT firm or in-house) but also how many IT people are on your team as well as how many dedicated IT security personnel.

Do You Tag External Emails to Alert Employees That the Message Originated from Outside the Organization?

Something that can help reduce your risk of a phishing attack as well as the amount you’ll pay for cyber insurance is having a tag on emails that originate outside the organization.

This is done through a software feature that looks at where emails are coming from (not just the “sender” domain, which can be spoofed), and it gives users a visual notification to be additionally careful with this email because it came from outside your company.

Do You Pre-Screen Emails for Malicious Links and Attachments?

This question pertains to whether or not your company uses mail filtering that reviews both links and mail attachments for potential malware or phishing. Many of today’s advanced platforms like Microsoft 365 and others have this capability, but it may need to be properly enabled. 

Do You Implement SPF, DKIM, or DMARC to Prevent Phishing Messages?

Another important safeguard that you may be asked about is whether or not you use one or more of the three email authentication protocols. 

SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) all work together to confirm that an email sent with your company’s domain in the sender field is actually from your company.

Do You Use MFA to Secure All Cloud Provider Services?

One of the best protections you can put in place to prevent cloud account breaches is multi-factor authentication (MFA). Having this important security safeguard in place for all your accounts will definitely help reduce your security insurance premium, as well as protect you from most cloud account attacks.

Do You Record and Track All Software & Hardware Assets Deployed Across Your Organization?

Today’s offices have more endpoints than ever, and those devices are often used outside the office, for example in the homes of employees that are working remotely.

All mobile devices, PCs, and the software they use should have a tracking and monitoring protocol in place for security. This will be a question you should be prepared to answer on your insurance application.

Bring Your Cybersecurity Insurance Application to C Solutions!

Answering wrong on a cyber insurance application can mean you pay hundreds or thousands of dollars more annually than you need to. C Solutions can help your Orlando area business with your application and the safeguards that help improve security and reduce premiums.

Schedule a free consultation today! Call 407-536-8381 or reach us online.