Cyber risk continues to evolve at a breakneck pace.
Insurers are working to keep up by customizing policies and endorsements based on the size and business model of the insured. At last week’s third annual International Cyber Risk Management Conference, Matthew Davies, Assistant Vice President of Chubb Insurance Company of Canada, outlined a few key points on what cyber security practices a small organization to already have in place when looking to procure cyber insurance.
Davies’s insight allows us to learn more about what insurers are particularly keyed in on.
1. Implement an Employee Education Program
Small companies should have an employee awareness training plan that teaches employees to identify and avoid cyber threats such as phishing scams, infected emails, and sharing password/login credentials.
2. Inventory Personally Identifiable Information
Companies should know what PII data they are collecting, where it is stored, who has access to it and what happens to it when they are done with it.
3. Develop and Test Business Continuity and Incident Response Plans
The expectation of small firms having and testing these plans may be unrealistic, but that shouldn’t deter smaller firms from working toward developing them. Business Continuity and Incident Response Plans are critical elements when remediating and recovering from a cyber incident. They will provide guidance on who handles what and the sequence of events that should occur during a hectic situation.
Additional resources:
