Cyber insurance is a must. For full coverage, you need to understand your risk posture—and conduct an advanced penetration test. rn There are certain basic questions that both current and prospective cyber insurance policy holders will ask you when purchasing a policy. What terms should be included? What are the important aspects? And of course, why? The answers to these questions are extremely complex, as cyber insurance is in its early infancy stages. Quantifying the risks of loss associated with those policies is near impossible. And understanding the effects of breaches and what needs to be covered isn’t exactly straight forward. There are simply no easy answers (sometimes no answers at all), but here’s a high level overview of what you should consider when purchasing a cyber insurance policy. Ask for retroactive coverage when first signing a contract. It takes an organization an average of 256 days to identify a cyber attack. Some insurers will cover this (often at an additional premium), some will not. One way to lower the risk to do advanced penetration test. Through those tests, previous breaches or attempts at attacking the network are often identified. This will lower the risk of having to make a claim retroactively. Make sure to get coverage for claims resulting from vendor errors in addition to your own. The high-profile Target breach in 2013 opened organizations’ eyes to the importance of vendor management. Similarly, if you handle any sensitive data for others, you need to make sure your liability to them is covered. Make sure to include coverage for any loss of data. That especially includes incidents due to employees or others who could unintentionally contribute to a data breach, exposure or loss. While we often think about cyber breaches as theft from cyber criminals, sometimes the threat is “inside the house.” Make sure to clearly understand your policy’s coverage. Of course, claims relating to a “cyber-attack” on your physical systems are evident. But what happens when that also leads to an additional physical breach of some sort?We repeated find that cybersecurity is no longer just related directly to an organization’s server and PC environment. It crosses into nearly every physical asset of an organization as well. Door locks, security cameras, phone systems, HVAC, and all types of control systems are routinely accessible and exploitable. This adds another level of complexity to cyber insurance policies, as the lines become very blurred when it comes to which insurance product covers the physical aspect of a breach. Be sure to ask your insurer for a lower rate after an advanced penetration test is conducted and findings have been remediated. Cyber risk is extremely difficult for insurers to quantify, leading to policies that are more customized than non-cyber policies, and therefore could potentially be more costly. So will your insurer give you a break on our cyber policy if you get the advanced penetration test? While the answer is often “no,” we have recently been hearing “yes.” A few insurers are beginning to understand the benefits of this offensive approach to cybersecurity. Cyber insurance is not a luxury, but rather a must-have in these turbulent times. The trick to getting the right coverage is a full understanding of your risk posture—and an advanced penetration tests to keep the costs down. Related content brandpost Sponsored by HORNE Cyber Modern Cyberattacks: Tradecraft on Your Network Cyberattacks donu2019t always trip the sensors, alerts, and level of traffic set by network security. In reality, your most dangerous cyberattackers are likely to be operating under your radar.rn By Wesley McGrew Jul 27, 2017 3 mins Security brandpost Sponsored by HORNE Cyber Being a Compliant Victim of Cybercrime Security must extend beyond mere compliance to protect the entirety of your business. Weu2019re talking about offense-oriented testing of your whole network. rn By Wesley McGrew Jul 27, 2017 2 mins Security brandpost Sponsored by HORNE Cyber Cybersecurity Spending: Are You Patching Holes or Checking Boxes? Cybersecurity spending is a complex question that really comes down to your needs. There is always a vendor waiting in the wings to sell you anything, so ask these key questions before you make any investment. rn By Brad Fuller, Director of Operations Jul 20, 2017 4 mins Security brandpost Sponsored by HORNE Cyber Their Breach is Your Breach As password policies become ever-stronger, users have a more difficult time committing them to memory. The most popular workaround is password reuse, a technique that hackers can leverage to breach your systems and servicesu2014as easily as those you By Wesley McGrew Jul 18, 2017 3 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe