When Insurance Companies Ask Your Business About Its Cybersecurity

You might have noticed that business insurance companies are starting to show an interest in how you are protecting your technology and data. If your org has been in touch with your insurance provider regarding modifying or renewing your business insurance, you were likely handed a lengthy questionnaire about your cybersecurity. Let’s take a look together to help you make informed decisions on how to handle your IT and how to prevent your insurance costs from skyrocketing.

My Business Insurance Company is Asking Questions About My IT!

It might come as a shock to some business owners when they receive a long questionnaire with a lot of technical questions from their business insurance agent. Every provider will be a little different, but in our experience, they are usually asking questions about who handles your IT, how many endpoints you have, what vendors you use, and questions about your backup, cloud hosting, and cybersecurity.

We’re talking about insurance here, so it’s obvious that your answers to these questions could play a role in your actual coverage, your insurance premiums, and in some situations, whether you are actually eligible for coverage.

We’ve been getting questions about this a lot lately, both from clients and other Metro Washington, DC area businesses who are worried that they might lose coverage because their IT isn’t as organized or as up-to-date as their insurance provider wants it to be.

It’s a stressful situation.

Let’s Take a Look at What Your Insurance Company is Asking

Every insurance company is going to be handling this a little differently, and there will be even more variables depending on the industry you are in, the size of your company, and a few other factors. 

Generally though, the big questions cover more or less the same handful of topics:

• Do you store sensitive information?
• If so, where, and how do you back it up?
• What kind of security policies do you enforce (strong passwords, multi-factor authentication, etc.)?
• Who is responsible for the management and upkeep of your information technology?
• How are you protecting electronic correspondence?
• Are you providing security awareness training and testing in your organization?

If you are in the healthcare industry or the financial industry and work with even more sensitive information than most other businesses, there are already strict regulations to meet, and your insurance provider might want to make sure you are following those guidelines as well.

It’s critical to know that your insurance agent doesn’t know anything about what’s in place at your business when it comes to your technology. Your rep probably isn’t especially technical either, which can add to the confusion. Sometimes they might be able to give you some deeper insight into what the most important questions are, but in a lot of the cases we’ve seen, the insurance provider can’t really offer much in the way of guiding your business to meet their compliance standards. 

And honestly, we wouldn’t expect them to. That’s not their role.

Don’t Do This for the Sake of Your Business Insurance

Sure, if you can make some changes to your IT to reduce your overall insurance costs, then that’s a nice win. That being said, business owners shouldn’t be taking these steps just because your insurance company told you to do so. Forget the savings on your insurance, and look at this as an opportunity to do the right thing for your business.

There’s a reason insurance companies are asking questions about cybersecurity: modern cyber threats have become a much larger problem over the past few years, and it’s only going to get worse. Even for a smaller business, a particularly bad ransomware attack can cost thousands and thousands of dollars. Additionally, your organization can lose a lot of time dealing with threats, to the point where one attack could put you out of business.

A lot of the standards that your insurance company is looking for aren’t necessarily expensive fixes either. It’s less about throwing money at the wall and more about making sure things are done properly and that your staff understands how to keep your data secure.

Let’s Consider Your Business’ Insurance Requirements

Macro Systems has been helping businesses make sense of cybersecurity requirements and compliance requirements for a long time, and we can help your business review the requests made by your insurance provider and make sure you are doing what’s best for your business.

If you have any questions or want to review your insurance requirements together, give us a phone call at 703-359-9211.