Home

About Us

IT Services

Understanding IT

News & Events

Blog

Support

Contact Us

Blog
  • Register

Capstone Works Blog

Capstone Works, Inc. has been serving the Cedar Park area since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

What to Do When Your Business Insurance Starts Requiring Cybersecurity

What to Do When Your Business Insurance Starts Requiring Cybersecurity

Here’s the scenario. Your business insurance provider may have reached out to you, asking questions about your IT and overall cybersecurity. In our experience, this has caused some confusion for a lot of organizations, so we wanted to chime in and help Austin business owners get a better understanding on why your insurance provider is even getting into the weeds with this, and what they are actually looking for.

First, Know That This is All Pretty New to Most Insurance Providers

Look at this as a “blind leading the blind” situation. Your insurance provider, and in particular, the agent you are directly interfacing with, might not be technically savvy enough to fully explain IT or cybersecurity requirements, or why they matter when it comes to your insurance coverage. 

We’ll even admit, there’s more to this than we could fit into a single blog post. Cybersecurity is complicated, nuanced, and often varies on a case-by-case basis. There are definitely some cybersecurity standards and best practices that apply to virtually any organization, but none of this stuff is inherently simple.

When your insurance agent is passing you over details and trying to explain things, they are probably doing the best they can. That said, they probably aren’t an expert on cybersecurity, they don’t know what you already have at your business, what you are and are not doing, or even what kind of data or compliance standards you are working with. Truth be told—this stuff has gotten extremely complicated over the last few years, and it’s only going to get more complex and more important for organizations of all sizes moving forward. That’s okay, that’s why we’re here to help.

The Situation: My Business Insurance Company is Asking Questions About My Cybersecurity

You might be switching providers or renewing your business insurance, and suddenly you are being asked questions about your IT and cybersecurity. Most of the time, these questions are going to be pretty standard, but depending on your insurance provider, they might have some variation. First, let’s take a look at what the general questions tend to be based around:

  • Strong password policies
  • Multi-factor authentication
  • Email filtering and spam protection
  • The overall security of your website
  • Web security and firewalls
  • Secured, encrypted data backups
  • Endpoint detection and response (EDR)
  • Vulnerability management
  • Security awareness training and testing

One thing we’ve noticed, just based on what clients and prospects have brought to our attention, is that sometimes, the way the insurance agent explains all of this to them makes it sound like it all relates to your organization’s website.

This is not the case. While we’ve certainly seen a company’s overall website security get brought up in the overall mix when it comes to cybersecurity, the majority of these elements are wrapped around your internal IT infrastructure. The website security side is still important, so we definitely wanted to mention it. I think the impression that some people tend to get is that their insurance company is focusing on website security—this isn’t the case, it’s all-encompassing.

The other misconception is that your insurance company is telling you that you aren’t in compliance in some way or another. This isn’t necessarily true either—they wouldn’t have a way to know what is going on with your internal IT.

In actuality, they are just asking you questions to make sure you are committed to some of the barest requirements of protecting your business against the rising risk of cyberattacks. 

Why Does Cybersecurity Even Matter for Business Insurance?

Modern cybersecurity threats are becoming a bigger problem, and they are becoming more expensive for businesses to deal with. 

The average cost of a ransomware attack is a staggering $4.35 million. That doesn’t even include the cost of the average ransomware payment, which is now $812,360. These aren’t the typical annoying computer viruses that might disrupt your business for a couple of days and put you and your staff behind by a week. A ransomware attack can cause a major disruption to business that could take months or years to recover from. On average, ransomware victims take 326 days to identify and properly respond to an attack. 

This type of threat is a major risk to virtually any business—if you have computers, you are at risk. If you store important data, especially sensitive or personal information on your customers, clients, and staff, you are at risk. Your organization’s size, shape, and the industry you are in doesn’t change any of this (although some industries do tend to have even stricter regulations when it comes to protecting sensitive data).

It only makes sense that your business insurance company wants to make sure you are taking steps to reduce the risk if they are going to provide coverage for your business.

Take a Step Back; This Shouldn’t Be About Your Insurance

Yes, this conversation started because your business insurance company wants to make sure you are meeting certain criteria when it comes to cybersecurity. It might even affect your eligibility to be covered, or it might affect your rates.

Put all of that aside.

Confirm with your insurance agent that you have their full comprehensive list of everything they want. 

Then commit to it.

Consider the fact that you might prevent your insurance premiums from going up an added perk, but you should really be looking at these suggestions as an opportunity to do what’s best for your organization. These measures are massive steps to prevent catastrophic problems. 

You might already be halfway there. Many of our clients are going to be pretty well covered, or even surpass what these minimum requirements are. Whether you are a Capstone Works client or not, we encourage you to reach out to discuss this with us.

These requirements aren’t necessarily about throwing money at the problem; sometimes it’s more about establishing the right policies and making sure your current solutions are audited and up to date. It might involve purchasing hardware and software, and paying cybersecurity professionals to make some adjustments, but that investment could potentially save your business in the long run.

Let’s Get Your Cybersecurity In Check

We’re used to helping businesses meet demanding cybersecurity compliance requirements, so we can help your organization review your insurance requirements and then implement everything they want from you. Trust us; it’s better for your organization to have these taken care of. 

Let’s start by discussing your needs. Give us a call at (512) 343-8891 today to get started.

Awesome Tips for Working From Anywhere (While Stil...
New 2023 Cybercrime Trends that Austin Businesses ...
Comment for this post has been locked by admin.
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Thursday, November 07, 2024

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Quick Tips Remote Work Social Media Malware 365 features BDR File Folder right time Clutch Data Security application employees download EMR cloud Saving money Tip of the Week Users Disaster Recovery Hardware Two-Factor Authentication Efficiency Innovation devices Windows password protection UPS Cloud Communications Servers Cloud Computing Managed Service SCAMS web application Server Vendor surge protection Data Recovery Backup Managed Services best practices VoIP Ransomware Business continuity Communication Internet Break/fit Software Passwords Email Computer Workplace Strategies Microsoft Office AWS cybersecurity tools media accounts Data Privacy Day spam Tech Support Business Continuity Cloud computing Current Events HIPAA 2FA Technology Cloud services Health managed IT Mobile Office Architect IT Productivity smart devices Content Filtering phishing Disaster Planning IT Support cybersecurity New Year Password IT support Marketing Engineering January 28 Microsoft Office 365 AI business continuity Network Remote IT Services hackers AutoCAD sports teams Compliance high-threat environment Microsoft Hosted Solutions Co-managed IT User Tips Shadow comprehensive IT Recovery Workplace Strategy Apple Cyberattack Workplace Tips employees business IoT Common password content Best Practices Privacy Remote Workers Network Security Business Cybersecurity Passwords today Managed IT Small Business business owners COVID-19 Broadband Gadgets Microsoft Teams Outsourced IT accounts need Saving Money Delightful

Latest News & Events

Capstone Works is proud to announce the launch of our new website at https://www.capstoneworks.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our ser...

Contact Us

Learn more about what Capstone Works can do for your business.

Call Us Today
Call us today
(512) 343-8891

715 Discovery Blvd
Suite 511

Cedar Park, Texas 78613