Cyber Insurance: One Layer in a Multi-Faceted Security Program
Could you imagine owning a house without also having homeowners’ insurance? It’s likely you’d answer ‘No’? Why? Because a home is the largest financial investment most people have. You want to protect your investment with insurance in the unlikely event something catastrophic happens.
Now, imagine not performing routine maintenance on a furnace, plumbing, electrical, or structural issue. Seem foolish? We agree.
Why do we need to both perform home maintenance and pay for homeowners’ insurance?
Because even with all the preventative care and insurance, bad things can happen. The preventative care reduces the likelihood your home is damaged. Insurance mitigates the risk even further by providing financial compensation in the event of an unexpected incident.
The term for this layered approach to cyber programs is ‘defense in depth.’ We can’t rely on any one control. Rather, we build layers of protection. While this doesn’t eliminate the risk of a breach, it does drastically reduce the chances.
This is the conversation I had a few months ago with an executive leadership team of a mid-sized firm. It made perfect sense to them. They all owned homes, performed preventative maintenance, and invested in insurance.
Yet, when I replaced the home in this scenario with their business, and homeowner’s insurance with cyber insurance the urgency was lost.
An Investment Not Another Cost
The firm had already invested a moderate amount of money building a respectable cybersecurity program. In fact, the establishment of effective security controls would reduce the cost of cybersecurity insurance. However, when asked if they would invest in cyber insurance, I was told there was no budget for that expense. They never made the investment.
We don’t question the need for preventative maintenance and insurance in our own home. A business organization is no different. Your organization’s brand reputation, intellectual property, and financial wellbeing are all at stake.
Most people have negative experiences with insurance companies, which can create feelings of overwhelm when considering acquiring cyber insurance. It doesn’t have to be overwhelming and not everyone in the insurance world is bad.
Find the Right Partner
We’ve helped a number of clients find and acquire the right policy for them. We’ve even helped them to perform the pre-work needed to secure approvals from the underwriter. We welcome the opportunity to do the same for you. Get in touch to find out how we can help you create a layered cybersecurity defense for your business.