
10 tips to ensure there are no gaps in your cyber insurance coverage

Safeguarding your assets, your people and your customers | 3 minute read

As cyber threats continue to rise, cyber insurance is becoming essential for businesses looking to protect themselves reputationally and financially from the impact of cyber attacks. Maintaining robust cybersecurity measures not only strengthens defences but can also lead to reduced insurance premiums.

Key takeaways

1. Proactively conducting cyber risk assessments strengthens your insurance profile and identifies system vulnerabilities.
2. A formal incident response plan improves your ability to recover quickly and reduces potential losses.
3. Keeping software updated and following cyber best practices helps prevent avoidable breaches.


Why does cyber insurance matter?

Despite its importance, many businesses still don’t see the value of cyber insurance, viewing it as just another expense. However, for the sake of your business and people, it’s your duty to help change the narrative in your organisation.


29%

Only 29% of UK businesses have carried out a cyber risk assessment.

Source: UK Government, Cyber Security Breaches Survey


21%

UK businesses experienced a 21% increase in cyber crimes over the last 12 months.

Source: Gov UK, Cyber security breaches survey 2023

There are proactive measures you can implement in your business to ensure that you cover all bases when reviewing your cyber insurance needs. Following these tips will provide insurers with your action plan for mitigating cyber risks in your business, increasing the likelihood of securing competitive insurance terms and demonstrating that you’re prepared for any eventuality.

1. Conduct a cyber risk assessment

One of the major mistakes businesses can make is not preparing in case of a cyber incident. The UK Government’s Cyber Security Breaches Survey reported last year that only 29% of UK businesses have undertaken a cyber risk assessment.¹ Conducting a risk assessment will help you identify any vulnerabilities in your information systems, networks, and processes. This includes weaknesses in hardware, software, and human factors that could easily be exploited by cyber threats.

Cybersecurity insurance providers often require businesses to conduct regular risk assessments as part of their coverage. Demonstrating a proactive approach to managing cyber risks can positively impact insurance premiums and coverage terms.

2. Be transparent about your cyber vulnerabilities

Acknowledging any weak points in your online operations can help your insurance provider have a better overall view of your requirements and can help quantify the potential impact and likelihood of various cyber threats. This involves openly communicating any identified vulnerabilities or weaknesses in your systems and networks, as well as providing details about past incidents and the measures implemented to address similar risks moving forward.

This enables organisations to prioritise and allocate resources effectively based on the level of risk associated with different assets and processes and works in their favour to enhance their risk profile, contributing to a more favourable perception by insurers.

3. Follow best practices

Enforcing strategies within your workplace to take all necessary steps to prevent cyber attacks will help you maintain a clear claims history, which could help to reduce your insurance premiums. This includes training your people in good cyber hygiene in order to avoid phishing scams, data loss, malware and ransomware attacks, and more.

We set out our top 5 cyber security tips for cyber policyholders looking to bolster their protection against cyber criminals in this article, where you can find out more.

4. Obtain a cyber accreditation

While not compulsory, a cyber security business accreditation can provide compelling proof that your business is following effective procedures to guard against cyber attacks. For organisations bidding on central government contracts where the work involves handling sensitive information, a Cyber Essentials or ISO certification is often required as a standard.² ³

In terms of insurance, it’s worth looking into recognised certifications such as these to show insurers you are investing considerable resources into this area, as you will also be audited on an annual basis to maintain them. However, the benefits of an accreditation extend far beyond insurance: you will be reassuring customers of your cyber commitment, and it may even help to encourage new business.

5. Keep software updated

Outdated software lacks the necessary targeted updates from operating system providers that patch out vulnerabilities and exploits that are known to cyber criminals. In 2022, NHS England was hit by yet another ransomware attack due to the abundance of outdated software used within the health service⁴, even after the WannaCry ransomware attack in May 2017.⁵ Make sure you roll out updates to your devices company-wide within 14 days of the update being released, and that your settings are configured so that the updates can’t be cancelled by the user.

6. Prove you have an incident response plan

While the majority of organisations say they will take action following a cyber incident, only a minority have processes already in place to support this, with just 21% of businesses implementing a formal incident response plan.⁶

Whether your organisation has 10 people or 10,000, putting guidance in place on how to handle incidents will help you make good decisions under the pressure of a real incident, and will minimise the impact of a potential loss. The National Cyber Security Centre advises how to create a cyber incident response plan here.⁷

7. Create an incident response team

Ensure that your operations team knows who will do what in the event of a cyber incident. Who will communicate to staff and clients, and how? Who will organise secondary devices if needed? Who will obtain backups from a secure location? Depending on your circumstances, you will need to consider these questions, plan who will be responsible, and review your plan on a yearly basis.

8. Hire a cybersecurity professional

For larger enterprises or those regularly dealing with sensitive customer data, having in-house personnel responsible for your core digital assets might be the best option for detecting potential threats and bolstering your defences, leading to a more secure and resilient system.

Benefits range from safeguarding sensitive data and mitigating risks to ensuring compliance with ever-evolving industry standards; cybersecurity specialists offer unique services to enhance your organisation’s security posture.

9. Know your policy coverage

Organisations should be aware of the responsibilities they must uphold for their cyber insurance policy to pay out in the worst-case scenario. Any failure to meet insurance terms may lead to the insurer not paying out. 

For example, your broker will advise you that for most minimum cover insurance, you must have firewall protection, antivirus software and backup procedures in place. Depending on your chosen policy, the requirements may be different.

10. Work with an experienced broker

NFP’s cyber security professionals stay ahead of the latest trends and threats, and our network of diverse risk professionals ensures that we provide holistic, forward-thinking solutions. The result is a tailored cyber insurance solution that is best suited to your business needs and goals.


Want to see how we can help?

No matter the industry you operate in, you will have some sort of reliance on technology for the effective day-to-day running of your business. That’s what makes cyber insurance so important; every company has some level of vulnerability that cyber criminals can exploit.


General disclaimer

This insights article is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this article, NFP does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the article or any part of it and can accept no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall be responsible for the use to which it puts this article. This article has been compiled using information available to us up to its date of publication.


NFP contributors

Kayleigh Houghton
Senior Commercial Insurance Broker

JP Allcock
Managing Director, Commercial Insurance - NFP Europe



https://www.nfp.co.uk/media/insights/10-tips-to-ensure-there-are-no-gaps-in-your-cyber-insurance-coverage/