Cyber insurance policies have existed since the early 2000s. Businesses going online wanted safeguards against risks associated with evolving cybersecurity threats. A cyber insurance policy is just a starting point; your business also needs to understand the insurer's expectations of you. Otherwise, you might find your claim gets denied.
As with most professional liability policies, your cyber insurance may have exclusions, including:
· rogue employees;
· wild viruses;
· regulatory claims;
· fines and penalties;
· property damage.
Cyber insurers also may not pay out if they find "a failure to maintain." This may also be worded as a "failure to follow" specific standards of care. But what does it mean? It's the online version of negligence.
Standard of care expectations
Insurance companies want proof that your business takes proper precautions to prevent cyberattacks. You risk a denied claim if you can't show you've implemented robust security measures.
Your insurer doesn't want to pay out. So, they're going to require you to put protection in place. This can be an internal or a third-party service provider (such as a managed service provider (MSP)).
Your security approach must be comprehensive. Relying on antivirus software alone, for instance, is unlikely to satisfy your insurance provider. It's best to map out all your technology so that you can identify every endpoint that needs protection. Add active threat detection and response tools to your arsenal, too.
You'll also need to show that you're securing your supply chain. A breach exposing 40 million debit and credit cards started at a retailer's HVAC vendor. Target estimated the breach cost $202 million. This was in 2013, but this type of attack remains a real threat due to digital interconnectedness.
Insurers also want evidence of effective employee training because humans are the weak link. Your staff may not mean to do wrong, but they are the ones who use weak passwords, misplace devices, or download malware.
Expect insurers also to want you to have the following:
· encryption to secure data;
· multi-factor authentication to make unauthorized access more difficult;
· virtual private networks (VPNs) to secure connections between computers and the internet;
· regular data backup;
· company policies and processes to respond to cybersecurity incidents.
Cyber insurance evolves, too
As the cyber environment is always evolving, insurers are regularly adapting. They may have quoted coverage for a particular risk but changed their policies to decline that risk a year later. It's one more thing to keep abreast of while working to secure systems against cybercrime.
Have questions about your cyber insurance policy? An MSP can review your security policy and ensure you're doing everything to maintain coverage. Our experts can also run regular audits and provide proof of your efforts. We are currently offering a free basic audit of your system. Contact us today at 860-304-7504