Safeguard Your Company From a Ransomware Attack With a Strong Cyber Insurance Policy

“My company doesn’t need a cyber insurance policy.”

That’s a statement Alexander Anglim, a partner at Santomassimo Davis LLP Outside General Counsel™ Solutions, a New Jersey-based firm with offices in New Jersey, Philadelphia, and New York, hears far too often from clients.

Anglim estimates that roughly 30 percent of companies carry cybersecurity insurance, a number that he calls “absurdly low.

“Many companies mistakenly believe they don’t need a cyber insurance policy because they just have a basic website or don’t store customers’ private data,” he says.

But in reality, Anglim says, virtually all companies need cyber insurance coverage to help reduce the financial risks associated with doing business online, like ransomware attacks, data breaches, and malware attacks. “If you look at the recent news stories of companies that have been hit with ransomware attacks, you’ll note that many of the victims are companies that aren’t household names and aren’t dealing with consumer data or customer privacy issues,” Anglim says, pointing to recent reports of cyberattacks on a meatpacking operation and a petroleum pipeline company. 

The bottom line: “Any company, big or small, that needs computer systems to function needs cybersecurity insurance,” Anglim says. But because cyber coverage is still relatively new, not all cyber insurance policies are created equally, Anglim warns. Here are three smart practices to adopt when looking for a cyber security insurance provider:

Engage Your IT Team Early

The underwriting process for cybersecurity policies is far more detailed and time-consuming than say, general liability or property insurance policy. And the prospective insurer is likely to ask a variety of questions about your company’s cybersecurity policies, such as whether or not your company has enabled two-factor authentication. An added benefit of involving your IT team: The process may help expose areas where your company needs to beef up its security policies in order to procure the insurance. “Many companies may be reluctant to do the work necessary to get the policy, but they need to get over that hump,” Anglim says.

Read More | 3 Tips On How To Protect Your Company From Ransomware Attacks

Understand What’s Included In Your Cyber Insurance Policy

When considering a vendor, make sure you understand when, where, and why you need coverage to avoid gaps that ending up costing you big in the event of a ransomware attack or other security breach. For instance, Anglim says many cyber insurance policies include access to sophisticated partners who are trained to respond to a ransomware attack. For instance, they may include the services of forensic technicians who can attempt to recover data without paying a ransom. Or, if a decision has been made to pay a ransom, a policyholder may be able to tap the expertise of experienced negotiators to handle the exchange and have access to bitcoin to pay the ransom within the limits of the policy. “These are all things that normal companies simply don’t have the expertise and abilities to do,” Anglim said, “but that’s the true value of a good cyber insurance policy.”