“Do I Really Need Cyber Insurance?”

Short Answer: YES. 

Longer Answer: Clients, prospects, and other IT Providers ask me this on the regular. In fact, in June, I was asked to speak to 3,000 IT Providers and internal IT about this very thing.  

Insurance does not protect you from major incidents; it transfers risk related to ransomware incidents. This means you need to assess the risk cyber incidents may pose to your business and implement strategies to mitigate that risk.

What does that look like? If you’re an InTech client, we’re having Strategic IT or Risk Management Meetings with you where we are assessing the risks together and bringing forward potential solutions to mitigate the risks.

If your IT provider doesn’t do this with you, the insurance questionnaire is a great mechanism to get your organization talking about the risks – and what changes you should make to mitigate them.  

Every business will have an incident, so you need to ensure you’ve got an Incident Response Plan (IRP). You should also be performing tabletop exercises (a walkthrough of how you respond to an incident) AT LEAST once a year.

You also need to thoroughly understand your cyber insurance policy requirements for what actions you need to take when you have an incident. If your MSP responds and that response is not in line with your policy requirements, they could void the ability for your claim to be paid. 

And please, please, please, DO NOT simply hand your insurance questionnaire to your IT Provider and expect them to answer it without you. You must understand the questions and answers. This is YOUR application and you're signing it, so it’s your risk. 

LEIA SHILOBOD – CEO of InTech Solutions, CISM, author of Cyber Warfare: Protecting Your Business From Total Annihilation and The Three Indisputable Rules Every Manufacturer Must Know Before Purchasing Any IT Product or Service, and starring in the new movie: Cybercrime – The Dark Web Uncovered.

As a cyber security advisor and CMMC Compliance SME, Leia speaks frequently and has been heard at IT Security Conferences, Harvard, IUP, and MEPs.

Also known as the “IT Princess of Power,” Leia saves mid-market firms from hackers and keeps them compliant by delivering enterprise-class IT security solutions that would otherwise be cost prohibitive.

Ivan I. Usero MS, CRIS

Senior Risk Advisor - Property & Casualty - International Man of Surety

2y

Happy to help your clients with this, and any other questions they have in the commercial property & casualty space.

Jim Goodrich

CCA, Cybersecurity, Quality Auditor @ CPISys | ISO, CMMC Compliance

2y

Thanks Leia Shilobod, CISM, this is too important to ignore.

Mark Anthony Germanos

I go into networks and audit the network security, or lack of security... I have seen a lot. I work with you to improve your security, create your disaster recovery plan and make things work faster.

2y

If you're in healthcare and if you do incur ransomware, and you miss payroll, your best people will feel your business is about to die. They will leave. That ransomware check from the insurance company can help you pay the OCR fines. It will not help you recover your reputation after sending out the embarrassing press release or get your best people to return. #cyberinsurance
