With the average cost of a data breach in 2022 being $4.35 million, cybersecurity is now a significant concern for many businesses.
To add another layer of protection, many companies also enroll in cyber insurance plans. When an insured organization faces a cybersecurity attack, it can file a claim with its cyber insurance to minimize losses.
Due to the rise of cyberattacks and claims, cyber insurance companies require all applicants to complete a cybersecurity questionnaire to qualify for coverage. But why does the form matter? How do your answers influence your claims and coverage?
WEBIT Services has helped clients reach their IT and cybersecurity goals for over 25 years.
By reading this article, you will learn how your answers can affect your coverage, why this questionnaire matters when a claim is filed, and what types of questions you will find on the form and why these matter.
3 reasons your cyber insurance form answers matter
1. They determine whether or not you receive coverage.
Your cyber insurance provider will use your questionnaire to decide if you can receive coverage.
You will be denied coverage if your answers reveal a failure to follow security procedures. A business without decent cybersecurity practices is ripe for cyberattacks and poses a significant risk to its insurer.
Cyberattacks can cost you and your insurer thousands, if not millions, of dollars. If your company does not take the necessary steps to protect itself, your cyber insurance company will not want to absorb your risk. Poor security guarantees a cyberattack and financial loss.
On the other hand, an organization with good security will be granted cybersecurity coverage because it is less likely to experience a cyberattack. Fewer cyberattacks mean fewer claims filed.
2. They determine your insurance premium.
Your answers will also determine your premium for cyber insurance coverage.
If you are closely following a cybersecurity framework, you may be pleasantly surprised with a discounted premium. Solid security protocols decrease the risk for you and your cyber insurance provider, which is reflected in your premium.
However, if you follow effective security practices only loosely, your cyber insurance will come with high premiums. Without good security, you pose a greater financial risk to your insurer. As a result, cyber insurance companies will require higher premiums from riskier customers to compensate for the higher risk.
3. They are used when you file a claim.
When you file a claim, the cyber insurance company will send an auditor to evaluate whether or not you were, in fact, following the security procedures you listed in your questionnaire. If you were not, your claim will be denied.
This means that you can't simply fill out the form in a way that guarantees coverage. Instead, you have to practice the security measures you agreed to. If you lie about your cybersecurity protocol on your application, the auditor will find out, and your claim will be denied.
However, if you fill out the form honestly, the auditor will see this, and your claim will be accepted.
If you want your claims to be paid, you must follow the security strategies you agreed to within the questionnaire.
Talk to your IT provider or internal IT team if you do not understand the questionnaire or do not know whether your company is following its outlined procedures. If it is not, it would be wise to implement the most important security practices before you revisit your cyber insurance application.
Questions on cyber insurance forms
Cyber insurance forms focus on cybersecurity practices outlined by the CIS and NIST security frameworks. As such, they ask about proactive cybersecurity practices such as:
- Two-factor or multifactor authentication.
- Phishing tests and training.
- Email security tools.
- The use of "End of Life" technology.
- Backups and continuity.
1. Two-factor or multifactor authentication
Two-factor or multifactor authentication (2FA or MFA) adds a step to login procedures. Once users enter their credentials, they are asked to provide a time-sensitive, random code to log in.
MFA makes it nearly impossible for cybercriminals to breach accounts.
Using MFA for account logins significantly reduces your risk of a security breach and cyberattack.
2. Phishing tests and training
In addition to regular cybersecurity training, it's essential to run phishing tests to verify that your employees know how to recognize and report suspicious emails. This helps minimize your likelihood of being "phished," lowers your chances of a cyberattack, and reduces risk.
3. Email security tools
Business emails should include filters and reporting tools to help minimize phishing attempts and spam messages.
Decreasing the number of spam and phishing emails helps increase productivity while reducing your risk of social engineering.
4. The use of "End of Life" technology
End of Life (EOL) technology is no longer supported by the manufacturer and won't receive security updates. Security updates address newly discovered vulnerabilities in the technology.
If you use technology after it's declared EOL, you expose your business to otherwise preventable cyberattacks.
5. Backups and continuity
When an IT disaster or cyberattack occurs, your organization must have an effective IT continuity plan and system backups. Without proper backups and backup storage, your systems and data could be wiped clean in an attack.
Without this data, your business will not be able to come back online, resulting in incredible losses.
Next steps for filling out your cyber insurance form
To reduce their own risk, cyber insurance companies look for clients who closely follow security framework guidelines. How closely a business follows the CIS or NIST framework will determine whether or not its insurance application is accepted and what premium rate it pays.
If a company answers the form dishonestly and then files a claim, an auditor will discover that the promised protocols were not followed. As a result, the claim will be denied.
Talk to your IT provider or internal IT team when you're looking for cyber insurance. Your IT expert may have recommendations for a cyber insurance provider and can help you review and answer the application questionnaire.
If you find you are answering "no" to many of the questions, discuss it with your IT provider or team. Ask, for example: "Why are we not following these protocols? What are we doing instead? How can we apply these practices in our business?"
If your IT provider or team cannot answer these questions or work toward a resolution, it might be time to consider a new IT partnership.
For over 25 years, WEBIT Services has helped hundreds of clients build successful IT strategies, processes, and security practices.
If you are looking for a new IT provider, schedule a free 30-minute consultation to see how WEBIT can help.