Cyber Insurance Requirements for Businesses

February 8th, 2023

If you’re an insurance company, you already know this secret, but if you are in any other industry in South Florida, you may often forget this fact: Insurance companies – like the rest of us – are in it for a profit, NOT to pay out policy claims!

There has been a huge shift in how much insurance companies keep as profit versus how much they pay out to their clients in claims. It used to be that carriers were keeping 70% of premiums as profit and only paying out 30% in claims. Today, it is the opposite. Carriers have had to completely change the cyber-security policies that they require from their clients. Here are a few of the things that you need to have in place to be sure that, in the event of a breach, your insurance company would actually cover the cost.

  1. Two-Factor Authentication
     This is a simple fix, but if your IT company or IT guy has not implemented 2FA or MFA on your business applications, they are being both lazy and negligent. Today, multi-factor authentication is required for tightening up security in your organization.

  2. Password Management
     If your employees keep a written list of passwords at their desk, especially if they have covered their monitor with post-it notes of passwords, this is a huge security risk. A password manager will remedy this problem. It will also encourage employees not to use the same password for every account.

  3. EDR (Endpoint Detection and Response)
     It used to be that anti-virus was enough to protect your small to medium-sized business, but one security tool we are now requiring all of our clients to use is EDR. EDR analyzes data through monitoring to identify threat patterns and respond to threats by removing or containing them. If your IT guy or IT company has not discussed this with you, they are putting your business at risk.

  4. Tested and Proven Data Backup Solutions
     South Florida data backups must be tested. In the case of a hurricane, if the server room is flooded and the off-site backups are not working and tested, how would you know that you won’t lose everything that your IT company is claiming to have backed up? Unless they do random file and folder restores, you cannot be sure your backups are safe.

  5. Employee Cyber-Security Training
     There are many training modules to choose from, but it is important to build time into your employee onboarding procedures to learn about threats like phishing attacks, what not to click, work-from-home policies, and bring-your-own-device best practices.

  6. YOUR enforcement of documented and implemented policies and procedures
     Ultimately, the responsibility is YOURS: how you write your policies, how you train your employees, how you model good practices, and how you make cyber-security a part of your everyday company culture.

We would love to meet to discuss all of the things you can do to make sure that your cyber-insurance company would actually cover a claim in the case of a breach. Please reach out to us to learn how to lock down all of your practices to keep up with the ever-changing tactics of cyber criminals.