Insurance Companies Are Asking My Business About Its Cybersecurity. What’s the Deal?

You might have noticed that business insurance companies are starting to show an interest in how you are protecting your technology and data. If your org has been in touch with your insurance provider regarding modifying or renewing your business insurance, you were likely handed a lengthy questionnaire about your cybersecurity. Let’s take a look together to help you make informed decisions on how to handle your IT and how to prevent your insurance costs from skyrocketing.

Help! My Business Insurance Company is Asking Questions About My IT!

It might come as a shock to some business owners when they receive a long questionnaire with a lot of technical questions from their business insurance agent. Every provider will be a little different, but in our experience, they are generally asking questions about who handles your IT, how many endpoints you have, what vendors you use, and questions about your backup, cloud hosting, and cybersecurity.

We’re talking about insurance here, so it’s obvious that your answers to these questions could play a role in your actual coverage, your insurance premiums, and in some situations, whether you are actually eligible for coverage.

We’ve been getting questions about this a lot lately, both from clients and other New Hampshire businesses who are worried that they might lose coverage because their IT isn’t as organized or as up-to-date as their insurance provider wants it to be.

It’s a stressful situation, for certain.

Let’s Take a Look at What Your Insurance Company is Asking

Every insurance company is going to be handling this a little differently, and there will be even more variables depending on the industry you are in, the size of your organization, and a few other factors. 

Generally though, the big questions cover more or less the same handful of topics:

  • Do you store sensitive information?
  • If so, where, and how do you back it up?
  • What kind of security policies do you enforce (strong passwords, multi-factor authentication, etc.)?
  • Who is responsible for the management and upkeep of your information technology?
  • How are you protecting electronic correspondence?
  • Are you providing security awareness training and testing in your organization?

If you are in the healthcare industry or the financial industry and work with even more sensitive information than most other businesses, there are already strict regulations to meet, and your insurance provider might want to make sure you are following those guidelines as well.

It’s important to know that your insurance agent doesn’t know anything about what’s in place at your business when it comes to your technology. Your rep probably isn’t especially technical either, which can add to the confusion. Sometimes they might be able to give you some deeper insight into what the most important questions are, but in a lot of the cases we’ve seen, the insurance provider can’t really offer much in the way of guiding your business to meet their compliance standards. 

And honestly, we wouldn’t expect them to. That’s not their role.

Don’t Do This for the Sake of Your Business Insurance

Sure, if you can make some changes to your IT to reduce your overall insurance costs, then that’s a nice win. However, business owners shouldn’t be taking these steps just because your insurance company told you to do so. Forget the savings on your insurance, and look at this as an opportunity to do the right thing for your business.

There’s a reason insurance companies are asking questions about cybersecurity—modern cyber threats have become a much larger problem over the past few years, and it’s only going to get worse. Even for a smaller business, a particularly bad ransomware attack can cost thousands and thousands of dollars. Plus your organization can lose a lot of time dealing with threats, to the point where one attack could put you out of business.

A lot of the standards that your insurance company is looking for aren’t necessarily expensive fixes either. It’s less about throwing money at the wall and more about making sure things are done properly and that your staff understands how to keep your data secure.

Let’s Consider Your Business’ Insurance Requirements

We’ve been helping businesses make sense of cybersecurity requirements and compliance requirements for a long time, and we can help your business review the requests made by your insurance provider and make sure you are doing what’s best for your business.

If you have any questions or want to review your insurance requirements together, give us a phone call at (603) 889-0800.

White Mountain IT

Related Posts

Why You Need a Custom IT Strategy for Your Business

Alignment with Your Business Objectives A custom IT strategy ensures that technology investments and initiatives are aligned with the organization's overall business objectives. It helps IT departments prioritize projects that directly contribute to the company's success. Many of these decisions are based around the acquisition and support of technology and how it aligns to help them achieve thei...

You Need to Have a Business Continuity Plan for Your SMB

Business technology is known to be remarkably finicky, particularly if you do not have the requisite knowledge to manage and maintain it. After all, there is a reason why you hire an IT department or a managed service provider to handle this role. What happens if your technology fails, though? Do you have a plan in place? What does a plan like this even look like, anyway? Let’s dig into the detail...

How to Transition to or Establish a New Office Location

It’s always exciting when you can expand your business’ influence with a new location, but this excitement brings with it all kinds of complications. There’s always something, whether it’s the technology for the new location or the logistics surrounding the opening. Let’s look at how you can make sure that technology is not the thing that holds your business back from opening a new location. All ...

Don?t Take Any Chances: Get a VPN Today

Encryption The primary technology at work with a VPN is encryption, keeping any data secure while it?s moving to or from your network. With this encryption in place, it becomes much more difficult for an unauthorized user to steal or snoop on your data. Data Integrity VPNs can also ensure that your data?s integrity is sound. When it gets sent over an encrypted connection, you can know with conf...