While recently going through our E&O Insurance and Cyber Insurance renewals, we were quite surprised at the depth of the new requirements most carriers and underwriters are imposing on small businesses in Huntsville, Alabama and across the country as terms and conditions of their policies. The days of filling out 10 questions from your carrier are over. Ours was over 50 questions, all in great detail. If you are saying, “That’s because you’re an IT support provider and have greater risk,” this is not the case. We have had over a dozen requests recently to help fill out multi-page Q&A sheets from carriers.
With the almost 1000% increase in cyber breaches and ransomware events, insurance companies are tightening up what they will insure. If you are unable to say yes to questions like: Are you using 2FA on all accounts? Do you have a SIEM? Do you have least-privilege permissions set up? Do you have an active threat-hunting tool? Do you perform regular assessments? and more, you may be denied coverage. In some cases, the carrier will say, “Sure, we will cover you, but for no more than XXXX dollars and not if a breach is because of YYYY conditions.” I am not trying to scare you; I am trying to inform you of the reality that we are all now faced with. At recent conferences that we have attended, this is the number 1 topic by far. We even joked that the insurance carriers will succeed where the government regulators have failed.
As a reminder, you must have your own cyber liability insurance. You are not covered under F1 or anyone else’s policy. You cannot transfer risk. You may share it in some cases, but liability stays with the owner of the data. We will continue to recommend security hardening features as we come across them; however, the ultimate responsibility to approve changes is yours. We cannot spend your budget for you. If you are a PAM (Proactive Annual Maintenance) Gold client and are also on our full CaaS offerings, you most likely will sail through your insurance audit.
Here are some tips for renewing your policy:
- Read carefully! Ask the broker to point out the exclusions page and go through that section carefully.
- Consider having a lawyer review your policy. I do.
- Make sure your Cyber policy has good coverage for breach response, ransom payout, and third-party business disruption in case your clients come after you.
- If they want to exclude covering something you deem important, then ask why and then ask what you could put into place that would make them comfortable with covering you.
- Ask F1 to help fill out technical parts of the survey. Yes, we do charge for this service outside of your agreement, but a few hours of time up front could save you thousands. Contact our Huntsville, Alabama location.