Cybersecurity insurance is an increasingly important component of your financial institution’s overall information security program. When a data breach or other hostile technology event occurs, cybersecurity insurance proceeds can provide funds to repair your hardware, recover intellectual property, and even pay for the work you do to reverse adverse reputational impacts.
However, the process to apply for a policy requires care, just as with any other form of insurance. Our team has regularly seen risk of cybersecurity exposure when user access reporting is documented incorrectly. Basically, the cyber insurance business is the same as every other insurance business. They want to take in as much premium revenue as possible and payout as little as possible in claims.
For example, recently the insurance firm Travelers wanted to deny coverage on a policy. They claim the insured customer misrepresented its cybersecurity practices in the insurance application questionnaire.
To help you understand, you might see an application question like this on a cybersecurity policy questionnaire. It relates to your practices around how you grant access and permission:
“Does the Applicant restrict user rights on computer systems such that individuals
(including third party service providers) have access only to those areas of the
network or information that is necessary for them to perform their duties?”
In the video below, FINOSEC Founder and CEO Zach Duke discusses issues like this and others you should consider. He also explores challenges you may face when you shop for cybersecurity insurance for your institution.
As Zach covered in the video, cybersecurity insurance requires more than an application. For example, you’ll have to describe how your MFA program operates, and your plan to report results to your insurance carrier. Failure to do this properly could lead to denial of insurance coverage.
A cybersecurity insurance policy may also require you to follow specific rules and procedures for your user access program. It can be a bit of work to determine and manage those rules. This is where FINOSEC’s user access solution shines. We can help make the process easier for you.
To learn more about how FINOSEC can be a great cybersecurity partner for your institution, use the link below to schedule a call with us.