CYBER SECURITY VALIDATION INSURANCE CERTIFICATE
Steps to decreasing the cost of your Business & Cyber Security insurance.
Cyber Security Insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage. A robust cyber security insurance market could help reduce the number of successful cyber attacks by:
(1) promoting the adoption of preventative measures in return for more coverage; and
(2) encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection.
A Cyber Security Validation Insurance Certificate can help you identify your team’s strengths and weaknesses and identify areas where issues can have the greatest impact on your business. As data breaches occur more frequently, there are additional pressures for businesses to step up efforts to protect the personal information in their possession. Cyber-attacks may come from nation states, terrorists, criminals, activists, external opportunists and company insiders (both intentional and unintentional). Cyber criminals attack to gain some type of informational, political, military or economic advantage. They usually steal money or information that can eventually be monetized, such as credit card numbers, health records, personal identification information and tax returns, and some just want to do damage to the hard work you have done.
WHY DO I NEED CYBER SECURITY INSURANCE?
A traditional business liability policy is extremely unlikely to protect against most cyber exposures. Standard commercial policies are written to insure against injury or physical loss and will do little, if anything, to shield you from electronic damages and the associated costs they may incur. Exposures are vast, ranging from the content you put on your website to stored customer data. Learn more about cyber security insurance and how it can protect you. Awareness of the potential cyber liabilities your company faces is essential to managing risk through proper coverage.
Possible exposures covered by a typical cyber security liability policy may include:
- Data breaches: Increased government regulations have placed more responsibility on companies to protect clients’ personal information. In the event of a breach, notification of the affected parties is now required by law. This will add to costs that will also include security fixes, identity theft protection for the affected and protection from possible legal action. While companies operating online are at a heightened risk, even companies that don’t transmit personal data over the internet, but still store it in electronic form, could be susceptible to breaches through data lost to unauthorized employee access or hardware theft.
- Intellectual property rights: Your company’s online presence, whether it be through a corporate website, blogs or social media, opens you up to some of the same exposures faced by publishers. This can include libel, copyright or trademark infringement and defamation, among other things.
- Damages to a third-party system: If an email sent from your server has a virus that crashes the system of a customer, or the software your company distributes fails, resulting in a loss for a third party, you could be held liable for the damages.
- System failure: A natural disaster, malicious activity or fire could all cause physical damages that could result in data or code loss. While the physical damages to your system hardware would be covered under your existing business liability policy, data or code loss due to the incident would not be.
- Cyber extortion: Hackers can hijack websites, networks and stored data, denying access to you or your customers. They often demand money to restore your systems to working order. This can cause a temporary loss of revenue plus generate costs associated with paying the hacker’s demands or rebuilding if damage is done.
- Business interruption: If your primary business operations require the use of computer systems, a disaster that cripples your ability to transmit data could cause you, or a third party that depends on your services, to lose potential revenue. From a server failure to a data breach, such an incident can affect your day-to-day operations. Time and resources that normally would have gone elsewhere will need to be directed towards the problem, which could result in further losses. This is especially important as denial of service attacks by hackers have been on the rise. Such attacks block access to certain websites by either rerouting traffic to a different site or overloading an organization's server.
WHAT NEEDS TO BE DONE TO GET A CERTIFICATE?
At POWERNET, we have talked to underwriters and insurance agents to come up with cost-saving solutions. We have a customized assessment solely designed to ask the right questions to determine what needs to be worked on. The following steps will happen before a certificate is issued to a business:
- First you retain POWERNET to perform a Cyber Security Validation Insurance Certificate Assessment.
- Next we will work with you and your management team to fill out a Cyber Security Validation Insurance Certificate Assessment, and after it is completed, we will start the next stage.
- After you have finished the assessment, we will go over our findings with you. These will be in a report that you keep for your business records.
- The next step is working with you and your senior management to create a set of Plans of Action and Milestones (POA&M), one for each issue we find, each with a date by which the issue will be corrected. We choose the dates, and these tasks WILL NOT BE COMPLETED overnight! A POA&M is a management tool for tracking the mitigation of cyber security program and system level findings/weaknesses. NOTE: Each POA&M and its associated milestone(s) must have a scheduled completion date that reflects a reasonable time period for completion of a remediation activity.
- Next we will create Corrective Action Plans (CAP). CAPs are required for all POA&Ms with corrective actions that require more than one (1) year to complete. In the CAPs we will include the Root Cause, the Mitigation/Resolution and Associated Risks, and also include the Recurrence Prevention Strategies.
- Once we have all this in hand, we will work with the owner or executive management to create an annual POWERNET America Cyber Security retainer that will help you with the issues we found. After all issues are resolved, we will stay on with a minimum retainer, just in case you have an incident. We will inform the insurance agent that we have been retained, so they know you have a subject matter expert (SME) team in place in case any issues arise. This will give them warm and fuzzy feelings about your decision to manage risks within your business, thereby lowering their risks in your business.
- At this time we will give you a Cyber Security Validation Insurance Certificate to give to your insurance agent.
- Once completed, and you have insurance, POWERNET will provide the insurance agent the POA&M information and we will submit quarterly a Cyber Security Report Card and Information Security Metrics to show you are actively managing the risks and working toward improving your cyber security position.
WHAT DO YOU HELP ME WITH AFTERWARDS?
POWERNET's job has just begun! We will work with the owner or executive team and any team members they use to resolve the issues. But we will not stop there! Here are a few other areas we will work with you on:
CREATE OR BOLSTER THE COMPANY'S POLICY & PROCEDURES
POWERNET will either create a set of policies & procedures, or bolster the ones you have. We will then work with you to modify them to help you create the company culture you want your company to have. This will protect the investment you made in your business.
EMPLOYEE CYBER SECURITY / PRIVACY TRAINING
POWERNET strongly believes that one of the biggest vulnerabilities to data security is presented through people. Countless data breach surveys have highlighted that data compromise is commonly caused from within an organization. This is not suggesting that all organizations employ hackers or employees with criminal undertones. However, many data breaches are caused by users with poor IT security knowledge, or poor understanding of how to deal with digital data in general. We also believe that, with the right tools, your employees turn from being one of the biggest vulnerabilities to one of the biggest assets your company can have. Your employees should be your strongest and first line of defense in the cyber security wars.
POWERNET will provide on-site security awareness training for staff, which is tailored to meet your organizational requirements. We can provide sensible, realistic and structured training that is based on practical rather than theoretical considerations to help protect your organization's data assets. Cyber Security cannot be tackled through technology alone. Security solutions such as firewalls, web content scanners and anti-virus engines all have their place, but for an organization to be truly security aware it must educate and train its people. Security should be central to a company’s policy, culture, process and working practice.
SOCIAL ENGINEERING AWARENESS TRAINING & ASSESSMENT
The best technical defense won’t protect you against a socially engineered attack. This overlooked threat is an extraordinary security risk. In today’s world, social engineering is one of the most commonly used vectors by attackers to gain access to a company’s physical location and/or sensitive data. Many organizations believe their yearly security awareness trainings are enough to warn their employees of these types of attacks, but how do they really know if they are effectively working? At POWERNET we train your team, then launch realistic social engineering campaigns to evaluate how employees will react to social engineering attacks. If someone fails, we will privately mentor them in areas they should work on. Keep in mind, we at POWERNET begin social engineering assessments with real-life intelligence gathering and create customized real-world attacks.
CONTINUOUS TRAINING APPROACH
An annual cycle of assessment, education, reinforcement, and measurement maximizes learning and lengthens retention. We will work with you to create an annual security awareness and training methodology so it is a continuous approach to risk reduction.
HOW DO I GET STARTED?
To find out how POWERNET can save you money on your business and cyber insurance, while helping you define a security awareness program, please complete our contact form below or call us at (256)489-8425!