Insurance Companies Are Asking My Business About Its Cybersecurity. What’s the Deal?

You might have noticed that business insurance companies are starting to show an interest in how you are protecting your technology and data. If your org has been in touch with your insurance provider regarding modifying or renewing your business insurance, you were likely handed a lengthy questionnaire about your cybersecurity. Let’s take a look together to help you make informed decisions on how to handle your IT and how to prevent your insurance costs from skyrocketing.

Help! My Business Insurance Company is Asking Questions About My IT!

It might come as a shock to some business owners when they receive a long questionnaire with a lot of technical questions from their business insurance agent. Every provider will be a little different, but in our experience, they are generally asking questions about who handles your IT, how many endpoints you have, what vendors you use, and questions about your backup, cloud hosting, and cybersecurity.

We’re talking about insurance here, so it’s obvious that your answers to these questions could play a role in your actual coverage, your insurance premiums, and in some situations, whether you are actually eligible for coverage.

We’ve been getting questions about this a lot lately, both from clients and other New Hampshire businesses who are worried that they might lose coverage because their IT isn’t as organized or as up-to-date as their insurance provider wants it to be.

It’s a stressful situation, for certain.

Let’s Take a Look at What Your Insurance Company is Asking

Every insurance company is going to be handling this a little differently, and there will be even more variables depending on the industry you are in, the size of your organization, and a few other factors. 

Generally though, the big questions cover more or less the same handful of topics:

  • Do you store sensitive information?
  • If so, where, and how do you back it up?
  • What kind of security policies do you enforce (strong passwords, multi-factor authentication, etc.)?
  • Who is responsible for the management and upkeep of your information technology?
  • How are you protecting electronic correspondence?
  • Are you providing security awareness training and testing in your organization?

If you are in the healthcare industry or the financial industry and work with even more sensitive information than most other businesses, there are already strict regulations to meet, and your insurance provider might want to make sure you are following those guidelines as well.

It’s important to know that your insurance agent doesn’t know anything about what’s in place at your business when it comes to your technology. Your rep probably isn’t especially technical either, which can add to the confusion. Sometimes they might be able to give you some deeper insight into what the most important questions are, but in a lot of the cases we’ve seen, the insurance provider can’t really offer much in the way of guiding your business to meet their compliance standards. 

And honestly, we wouldn’t expect them to. That’s not their role.

Don’t Do This for the Sake of Your Business Insurance

Sure, if you can make some changes to your IT to reduce your overall insurance costs, then that’s a nice win. However, business owners shouldn’t be taking these steps just because your insurance company told you to do so. Forget the savings on your insurance, and look at this as an opportunity to do the right thing for your business.

There’s a reason insurance companies are asking questions about cybersecurity—modern cyber threats have become a much larger problem over the past few years, and it’s only going to get worse. Even for a smaller business, a particularly bad ransomware attack can cost thousands and thousands of dollars. Plus your organization can lose a lot of time dealing with threats, to the point where one attack could put you out of business.

A lot of the standards that your insurance company is looking for aren’t necessarily expensive fixes either. It’s less about throwing money at the wall and more about making sure things are done properly and that your staff understands how to keep your data secure.

Let’s Consider Your Business’ Insurance Requirements

We’ve been helping businesses make sense of cybersecurity requirements and compliance requirements for a long time, and we can help your business review the requests made by your insurance provider and make sure you are doing what’s best for your business.

If you have any questions or want to review your insurance requirements together, give us a phone call at (603) 889-0800.

Related Posts

Six Reasons Your Laptop?s Battery is Dead

Battery Capacity The obvious answer is that the capacity of the laptop battery plays a crucial role in determining how long it can power the device. A lot of times, smaller and thinner laptops often have batteries that aren?t big enough as they aim to maintain a lightweight and portable design. Power-Hungry Components Some laptops come equipped with power-hungry components, such as high-perform...

Here are the Basics of the 3-2-1 Backup Rule

The 3-2-1 rule is a pretty standard reference for data backup and disaster recovery, but what does this rule actually entail? Today, we want to explain perhaps the most important concept to prolonging the life of your business, even in the face of difficult and trying circumstances. Explaining the 3-2-1 Rule In essence, the 3-2-1 rule references your backups, which are pivotal in your business...

Browser Hijacking Attacks are a Serious Threat

Understanding Browser Hijacking Attacks Browser hijacking attacks involve the stealthy installation of malicious software onto a user's web browser. This malware can range from adware and spyware to more sophisticated forms like ransomware and keyloggers. The primary goal of these attacks is to gain unauthorized access to sensitive information or disrupt the user's browsing experience. Common Te...

Smishing: A Variety of Phishing Attacks Utilizing SMS

The Dangers of SMS Phishing, or ?Smishing? Ultimately, any plot carried out by a scammer that is trying to either pose as someone else or urge the user to do something particularly dangerous could be considered a phishing attack. This kind of definition goes beyond simple email scams, where you get a message in your inbox urging you to click on links or download infected attachments. There are ot...