Responding to a SME leader’s question
Thank you for asking that question.
SME business leaders are struggling with cyber-insurance decisions.
Often, SME business leaders seek simple and clear guidance on cyber security and fail to find it. They view cyber risk insurance as confusing and tricky.
Our advice on insurance is not legal advice. It is business advice based on our experiences, including our clients’ experiences.
In summary, more than ever, it is important to understand all the ‘fine print’ in insurance paperwork.
For cybersecurity decisions, start with risk management principles and consider your budget capabilities/realities. Discuss the concept of management of risks…that’s the way we would begin if you wanted our strategic assistance. Look at all your IT risks and focus on cyber-risks as a component of those IT risks.
With all your other urgencies and priorities, you may not want to approach risk management strategically at this time. On the other hand, it is unwise to make uninformed cyber-insurance decisions.
About specific cybersecurity initiatives like this cyber-insurance quote –
At first look, the pricing in the quote is reasonable. Yes – there is value in cybersecurity insurance…but, only if the insurer will pay claims. Take care – some applications contain rights for the insurers that are buried in fine print and application/affidavit questions.
Insurers are continuously adding complexity and new insurer rights to cyber applications/policies. It is important to understand the details of their application questions. Sometimes, we must ask questions to ensure clarity around certain parts of insurance applications. Brokers/agents cannot answer certain questions. They must get advice from their legal/tech colleagues. On occasion, we have had to dig deep to obtain clear answers.
Our opinion is: many insurers intentionally present application questions that provide them rights to avoid paying claims.
The quote you shared with us has expired. You could ask them to provide an updated quote and their application form(s) if they have not already sent those details to you.
Also, the app tool they presented illustrates key areas…we can discuss those items and other areas of cyber risk. We have a set of basic recommendations and will explain basic and advanced defensive actions.
If/when you have more application details, can you send them to me.
Also, it would be good to explore this insurance company’s record. That is – do they tend to pay claims?
The application contains several blank lines for presenting responses and boxes that need to be ticked. These help the insurer understand your situation. Accuracy is important because inaccurate answers could result in no coverage in the event of a claim. The insurer may ask questions to gain an understanding of details related to the line items/boxes.
You should consult your IT service provider to confirm technical details for the various line items and tick boxes. It would be good to get short descriptions for each response that confirms a control is in place. We can help with that.
If you or your IT person needs help then please let me know.