Cyber Sessions: What to know about insurance

(Editor’s note: This is the ninth installment of a monthly column on the growing number of cyberthreats facing businesses of all sizes and what they can do about it. See previous installments here.)

The barrier to entry that businesses face in obtaining cyber liability coverage has continuously and significantly grown the last couple of years. Many insurance providers are now mandating that customers undergo more thorough risk assessment processes, prior to even offering coverage.

Even for existing customers, the bar has been raised for cyber coverage. Business leaders are now challenged to maintain affordable coverage. As scary as it may seem, I have seen many organizations denied cyber liability insurance over the past year.  As part of the risk evaluation, businesses may be required to undergo regular security audits, adjust security controls or even invest in new security tools or hardware to meet insurance requirements.

There’s also the potential for gaps in coverage. Insurance policies can be extremely complex, and businesses may not fully comprehend what you are protected against. On top of that, some policies may have exclusions for specific types of cyberattacks, leaving businesses vulnerable. It’s important for leaders to carefully review their policies and work with their provider to make certain that they have adequate coverage for their unique business risks.

- Advertisement -

Because cybersecurity risks and threats are constantly evolving, insurance providers have no choice but to require businesses meet industry best practices and standards. While this will only help move organizations toward a more resilient posture, these mandates can also be extremely challenging for small and midsized businesses, who may not have the staff, budget or resources to stay up to speed with the latest best practices.

By prioritizing cybersecurity and cyber-risk management as a business objective, leaders can protect their organizations and stakeholders from the potentially catastrophic consequences of a cyberattack. These best practices and strategies will also help you to overcome many of the challenges associated with cyber liability insurance.

Implementing a comprehensive cyber-risk management program will help to identify and assess cyber-risks, develop plans to mitigate those risks, and ways to respond effectively in the event of a cyberattack. This will also help minimize the financial impact of a successful cyberattack.

By regularly assessing and updating cybersecurity controls and practices, businesses can see how they measure up to standards and best practices.  Conducting regular cybersecurity audits help businesses identify vulnerabilities, gaps in your program and assess their overall cyber-risk.

Having a corporate culture that embraces cybersecurity as a shared responsibility across the entire business is critical for the success of your program. Having a structured cyber awareness program can support the development of a culture of security and educate personnel on how to identify and respond to cyber threats. Not only does this help to reduce the risk of a successful cyber-attack but also aids in your business’s ability to obtain and maintain coverage.

As cybersecurity regulations continuously evolve, business leaders must stay abreast of the latest requirements not only to be adherent but in many instances to maintain coverage. By working in lock step with providers, leaders can stay informed about regulatory changes and make certain that they are meeting all necessary requirements.

Most of all, it is critical to work with skilled partners.

Having an experienced insurance broker, who focuses on cyber resilience and understands the current landscape, will help your business navigate the complicated world of cyber liability insurance. Couple that with a strong cybersecurity partner, who can assist your organization in assessing risk, build and execute on remediation plans and provide industry expertise on building a strong cybersecurity program will bolster your business resilience and minimize risks.

Next month: The White House national cybersecurity strategy.

(Jason Albuquerque is the chief operating officer of Pawtucket-based Envision Technology Advisors LLC. You can reach him through