A Comprehensive Guide for Hawaii Businesses

In today's increasingly digital world, businesses in Oahu and beyond face a growing threat of cyberattacks. From ransomware and data breaches to phishing scams and social engineering, these incidents can have devastating financial and reputational consequences. Cyber insurance is a critical tool for mitigating these risks, providing financial protection and expert support in the event of an attack.

This comprehensive guide will walk you through the process of securing the right cyber insurance policy for your Oahu business, ensuring you're well-protected in the face of ever-evolving cyber threats.

Why a Standalone Cyber Insurance Policy is Essential

Many business owners mistakenly believe they're covered for cyber incidents under their general business liability insurance. However, traditional policies often lack the specific provisions needed to address the unique challenges of cyberattacks.  

A standalone cyber insurance policy offers targeted protection designed to cover the costs associated with cyber incidents, including:

• Data recovery: Retrieving and restoring compromised data.  

• Legal fees: Defending against lawsuits and regulatory actions.  

• Cyber extortion: Responding to ransomware demands.  

• Notification costs: Informing affected customers and complying with data breach notification laws.  

• Business interruption: Covering lost income due to downtime.  

• Public relations: Managing reputational damage.  

Choosing the Right Cyber Insurance Provider

The cyber insurance market is filled with various providers, each with its own strengths and weaknesses. Selecting a reputable insurer with a strong track record in cyber insurance is vital. Here are some key factors to consider:

• Specialization: Opt for an insurer specializing in cyber insurance, demonstrating their expertise and understanding of cyber risks.

• Financial strength: Choose an insurer with the financial resources to handle large claims.

• Claims process: Inquire about their claims process, ensuring it's efficient and supportive.

• Coverage options: Review the range of coverage options to find a policy that aligns with your specific needs.

Don't Let Your Agent Fill Out the Application!

The application for cyber insurance is extensive and detailed for a good reason. It requires a deep understanding of your business operations, IT infrastructure, and security practices. Allowing your agent to complete the application without your active involvement can lead to inaccuracies and omissions, potentially jeopardizing your coverage.

Instead, take the time to thoroughly review and understand each question. Provide accurate and complete information, ensuring your policy accurately reflects your risk profile.

Understanding Your Cyber Insurance Coverage

Cyber insurance policies can be complex, filled with technical terms and legal jargon. It's crucial to understand the nuances of your coverage, including:

• First-Party Coverage: This covers your own losses resulting from a cyber incident, such as data recovery, business interruption, and cyber extortion costs.  

• Third-Party Coverage: This covers claims made against you by others who suffered losses due to a cyber incident involving your business, such as privacy violations or security breaches.  

• FTC Compliance: Ensure your policy adheres to the Federal Trade Commission's (FTC) guidelines for data security and breach notification, such as the FTC Safeguards Rule. This rule requires financial institutions and businesses handling sensitive customer information to implement robust security measures to protect against unauthorized access, disclosure, and damage.  

• Sub-limits: Be aware of any sub-limits within your policy that cap the coverage for specific types of losses.

• Exclusions: Identify any exclusions that may limit coverage in certain situations.

The Importance of Partnering with a Cyber Insurance-Savvy MSP

A Managed Service Provider (MSP) with expertise in cyber insurance can be an invaluable asset. They can assist you in:

• Risk assessment: Identifying vulnerabilities in your IT systems and security practices.

• Policy selection: Recommending appropriate coverage based on your risk profile.

• Application completion: Ensuring accurate and complete information is provided in the application.

• Incident response: Providing guidance and support in the event of a cyberattack.

Interview with a Cyber Insurance Expert

To provide you with further insights, we reached out to a leading cybersecurity expert, Don Mangiarelli, for their perspective on this critical topic. Here's what they had to say:

Question 1: In your experience, what is the biggest mistake businesses make when it comes to cyber insurance?

Answer: The biggest mistake businesses make when it comes to cyber insurance is letting their agent fill out the application. If the agent lacks knowledge of the business operations and IT infrastructure and they just check all of the boxes to get the lowest premium and the business suffers losses from a cyber attack, such as ransomware, when the insurance company does its investigation and finds that MFA is lacking or maybe there is not sufficient protection of the computer systems or online applications, or even that the business is using the router from their ISP, the claim may be denied.

Question 2: What are some key cybersecurity measures businesses in Oahu should implement to reduce their risk and potentially lower their cyber insurance premiums?

Answer: In order to lower their premiums a business needs to make a "reasonable effort" to protect its systems. What does a "reasonable effort" look like? It looks like implementing a router/firewall/Intrusion detection/Intrusion prevention system, AI infused cybersecurity software (commonly called EDR or MDR) on all systems, monitoring the email/document storage application for suspicious logins or suspicious activities (commonly called ITDR), employing MFA on all applications that offer it, Conditional access, having an Incident Response Plan and practicing it in quarterly roundtable exercises, policies and procedures that encourage security best practices, physical security, Security awareness training program, phishing simulation, etc. These security features lower a businesses risk classification and contribute to significantly lower premiums.

Question 3: How can businesses ensure their cyber insurance policy keeps pace with the evolving threat landscape?

Answer: As the threat landscape continues to evolve, cybersecurity focused insurance companies will update their policies. Working with an MSP that is cybersecurity focused will help to ensure that your systems are protected as the threats evolve. Using AI infuse cybersecurity software for instance, can help to protect your systems against threats that have not yet been developed.

Question 4: Why is it crucial for businesses to have a strong incident response plan in place, and how does cyber insurance support this?

Answer: Having a solid plan for incident response that covers all of the possible circumstances that could affect a business is important so that when an incident occurs that potentially shuts down the business, it is able to recover quickly and efficiently. It is not just important to have a written incident response plan, but to practice it on a regular basis as well. If all of the stakeholders are aware of who is responsible for what actions, the response and recovery processes will go smoothly and getting back up and operational will be a much faster operation.

Question 5: What advice would you give to Oahu businesses that are hesitant to invest in cyber insurance due to cost concerns?

Answer: Cyber insurance is no different than any other insurance policy. You only need it it if something bad happens. With estimates that 100% of businesses will suffer a cyber attack over the next 2 years, it is important that businesses weigh the risk of obtaining a policy and not needing it vs. not obtaining a policy and possibly going out of business from a single cyber incident. Insurance is a risk management decision. If a business has a high risk appetite, they may opt to chance it and not purchase a policy. If a business has a lower risk appetite, they may buy more coverage to ensure that they are covered in a worst case scenario.

Key Takeaways for Oahu Businesses

• Cyber insurance is no longer optional; it's a necessity for businesses of all sizes in Oahu, especially in sectors like Hawaii Real Estate and Hawaii Business, which handle sensitive client data.

• Invest the time to understand the complexities of cyber insurance policies.  

• Partner with a reputable insurer and an experienced MSP that offers comprehensive IT services Oahu and Cybersecurity services Oahu.

• Prioritize cybersecurity measures to mitigate risk and potentially lower premiums.

• Develop a robust incident response plan to minimize the impact of cyberattacks.

By taking these proactive steps, you can fortify your Oahu business against the growing threat of cybercrime and ensure its continued success in the digital age.

This is a lot to take in, so if you still have questions take advantage of our free 15 minute strategy session to answer your questions and make sure that you get a policy that won't leave you stranded when your business suffers a cyber attack. Book your call here --> https://strategy.cybersecurehawaii.com