It’s okay to pay that ransomware attacker because you’ve got insurance, right? Actually, this may not be the case.
Guess who is getting upset at all those policyholders giving in and paying the ransom to attackers? The insurance companies have to pay for it. They’ve had enough and are making some major changes to their policies. And these changes definitely aren’t going to be in your favor.
Some of the updates that insurance carriers have begun making include:
- Eliminating coverage for ransomware ransom payments
- Eliminating coverage for “nation-state” attacks (which could be just about any major attack)
- Raising rates (of course!)
- Increasing the IT security standards that companies need before they qualify for coverage
What type of Cyber Insurance coverage should an SMB consider?
Consider the coverage options to include items such as:
- Cyber incident response
- Business interruption loss
- Digital data recovery
- Cyber privacy
- Cyber/Ransomware extortion
- Electronic and social media liability
- Computer fraud
- Funds transfer fraud
- Social engineering fraud
If you can’t rely on a cyber insurance policy, what does that mean for your company when just one attack can mean catastrophe? Answer: You need security and resilience.
Coordinate with IT provider, insurance company, and legal resources
A company utilizing a database of personal and sensitive information (such as names, addresses, social security numbers, or payment card details) is responsible for keeping that data secure.
Coordinate cybersecurity preventive and response actions with their internal and external IT provider, and the cyber insurance company. Don’t overlook a legal counsel. Work with a regulatory compliance service provider to address compliance rules such as CIS (Internet Security), NIST (National Cybersecurity Framework), ISO 27000 (IT Security Policies), CMMC (Department of Defense), HIPAA/HITRUST (Healthcare). Make sure your business is compliant specifically with your type of business and industry.
The best place to start is with a cybersecurity audit to get a roadmap for what you need to do. Request your Security Assessment (and get a free e-Book, “Cybersecurity Essentials for Business Owners”), now!
Invest in fortifying your defenses and your disaster recovery strategy to mitigate an attack that could harm your business or end it for good.