By: Jim Parise on March 17, 2023
9 Common Questions Cyber Insurance Providers Ask
Like many business leaders, you may be considering purchasing cyber liability insurance. If so, you are likely wondering what it is (and, equally important, what it is not), how much it could cost, and what questions you’ll need to be prepared to answer.
In this article, I’ll provide a list of 9 questions insurance providers commonly ask during the application process. In my role as president of a business that recently applied for cyber liability coverage, I have firsthand information that can help you.
In addition, since our company provides IT support services for businesses in Connecticut and beyond, I have an even greater understanding of the questions and why they are important when purchasing cyber liability insurance. But don’t worry, I’m not here to convince you to buy insurance or even to work with an IT provider like us.
Instead, the goal of this article is to provide the facts, so you can make an informed decision about the best way to protect your business.
This article includes information from Mike Piergallini, a cybersecurity insurance expert at Evans, Pires & Leonard.
What Is Cyber Liability Insurance?
Cyber liability (also known as “data breach” or “privacy”) insurance policies are designed to cover specific losses that may result from electronic activities including email, video conferencing, data collection and storage, and more.
According to the Travelers insurance company website, cyber liability insurance policies provide a business with a “combination of coverage options to help protect the company from data breaches and other cyber security issues.”
Some policies also provide financial and professional resources to help organizations recover from cyber attacks.
Related article: Cyber Liability Insurance: What Is It? Why Is It Important?
What Is Cyber Liability Insurance Not?
Cybersecurity insurance is not a perfect solution that will cover all of your expenses and damages resulting from a cyber attack. It is one part of a comprehensive solution.
9 Common Questions When Applying For Cyber Insurance
You will be asked a series of questions when applying for cyber liability insurance coverage. I list here 9 of the most common, but this is by no means a comprehensive list.
Among the most common questions you are likely to be asked are the following:
1. Do You Use Multi-Factor Authentication (MFA)?
MFA provides another layer of security on top of a traditional username and password. It typically requires your username, your password, and something else such as a code from your cell phone, token, or fob.
MFA adds another level of complexity that somebody has to get through before they can get to your data.
Related article: What Is Multi-Factor Authentication (MFA)? Do I Need It?
2. Do You Provide Employee Security Training?
When it comes to security, employees can be your greatest protector or your weakest link.
Regular security training keeps employees abreast of the latest cybersecurity tactics and tricks. Give employees the training, education, and tools they need to recognize and thwart cyber attacks.
By keeping cybersecurity awareness top of mind for users and providing the tools they need to take action, you engage them as a highly trained human firewall for your IT network and your data.
Related article: Why Is It Important To Provide Security Awareness Training For Employees?
3. Do You Monitor For Unauthorized Access?
It’s important to have real-time visibility into all devices that access your network.
You can’t protect against malicious activity if you don’t know which devices are gaining access. Knowledge after the fact is helpful, but knowing in real time can improve your response time and limit the impact.
Related article: What Is Infrastructure Monitoring? How Does It Prevent Cyber Attacks?
4. Do You Back Up Your Data?
Data backups are key to disaster recovery, but it’s not enough to back up your data. You need to know how to access backups before disaster strikes.
Practice data recovery drills regularly to ensure that everything works and you don’t have to learn in the midst of a crisis.
Related article: Data Backups Are Key To Disaster Recovery
5. Do You Have Endpoint Protection?
Endpoint protection prevents file-based malware attacks, detects malicious activity, and provides the tools you need to investigate and remediate security incidents.
6. Do You Use Encryption?
Encryption protects data in transit and at rest. End-to-end encryption is the best, most effective tool for protecting data. What algorithms do you use? How do you deal with end-of-life issues?
Related article: 5 Ways to Protect Business Data From Hackers & Scams During Tax Season
7. Do You Limit Access To Data & Systems?
There are two levels to this question:
The first level is limiting access to data.
The second level is limiting physical access to things like servers and administrator access to make changes to devices and systems.
Related article: What Is Role-Based IT Access? Benefits for IT & Users
8. How Do You Install Updates & Patches?
While many small and medium-sized businesses install updates and patches manually, cloud-based solutions automatically push the latest versions to all devices.
These updates and patches often include security enhancements, making them vital to the protection of your data.
Related article: 10 Ways To Protect Your Business From Malware Attacks
9. Do You Have A Disaster Recovery Plan?
Insurance providers want to know that you are proactive when it comes to recovery. Their money is on the line as well as yours.
Related article: 10 Steps To Include In Your IT Disaster Recovery Plan
In this article, we’ve explored cyber liability insurance. You now have an understanding of what it is and some of the questions you are likely to encounter in the application process.
At this point, you might have an internal IT team that can help you interview and select a cyber liability insurance provider. You may have business colleagues who can recommend a reputable firm.
Consider your risk and your industry when making this important decision. You’ll want an insurance provider that is experienced in working with other customers in your industry as well as similarly sized organizations.
Their experience will come into play not only in right-sizing your policy, but in having the specific resources that your business will need in the event of a cyber attack.
At Kelser, we provide comprehensive managed IT solutions that mitigate risks before cyber attacks happen, rather than responding to them.
We know that managed IT isn’t right for every organization, but if you find yourself looking for proactive IT solutions and want to learn more, find out what managed IT support services include and what it costs.
Wondering what other options exist for external IT support? Find out the pros and cons of break/fix IT support.
Or click the link below for a free managed IT checklist which you can use to:
✔️ Evaluate your current IT infrastructure and processes
✔️ Identify your current IT gaps versus what your business needs
✔️ Ensure that your organization has the technology it needs to be successful
Whether you are looking for IT support or insurance coverage, evaluate several options to ensure you find a provider that is the right fit for your business.
Just like any other purchase, doing your due diligence will ensure that you end up with the right solution for you.