The risk involved with cyberattacks has been increasing steadily for businesses in Charlotte, NC, and beyond.
The remediation cost for a single ransomware attack has more than doubled in the past 12 months, going from an average of $761,106 in 2020 to $1.85 million in 2021.
That’s a cost that not many small or mid-sized companies can absorb without a major threat to their ability to stay in business. This is why a lot of SMBs are now considering cybersecurity insurance.
Cybersecurity insurance differs from general business liability insurance in that it is designed specifically to reimburse costs associated with a data breach or other type of cyberattack.
It will cover things like technology repair, network security costs, the cost to notify customers of a breach, compliance penalty costs, and other associated expenses.
But the questionnaire that you must fill out when you apply for this type of insurance can be complicated. Questions are posed in a technical way that many customers don’t understand. For example, a question might ask whether a company has a next-generation antivirus (NGAV), and business owners might have no idea whether they do, so they answer “no” when they actually do have this protection in place through their managed IT services plan.
Answering incorrectly on your application for cyber insurance can mean you end up paying thousands of dollars more in annual premiums than you should.
That’s why it’s best to get help from an IT professional, like Rocky Knoll Technologies, when filling out a cybersecurity insurance application.
What are some of the questions you’ll commonly see? We’ve got a rundown below. This will help you prepare should you apply for this type of protection in the future and will also clue you in to the types of safeguards that could reduce your insurance premiums.
Expect These Types of Questions When Applying for Cybersecurity Insurance
Are Emails Pre-screened for Malicious Links & Attachments?
This question relates to whether or not you have an automated system in place that lets your users know when an email comes from outside your domain.
You might think that all they need to do is look at the sender’s address, but it’s not that simple. Many spammers that send phishing emails use a tactic called email spoofing. This makes it look like an email message is coming from a certain domain, such as your own company’s, when it’s actually coming from elsewhere.
An automated system can alert users with a banner at the top of the email, so they know the message originated outside the company network.
Do You Use SPF, DKIM, or DMARC?
Another email security question that you’re likely to get, which is also related to protecting against email spoofing, is whether you use email authentication protocols.
These three protocols are:
- Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM)
- Domain-based Message Authentication, Reporting & Conformance (DMARC)
The protocols are set up on your mail server and are used to verify that the “send” address for the mail matches the originating IP addresses that are approved to send mail for that domain.
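Whether the answer to this question is really "yes" can be checked from the TXT records a domain publishes in DNS. The following is an added example, not part of the original article: it grades SPF, DKIM and DMARC from constructed sample records, and the function names, the `selector1` DKIM selector and the sample zone are assumptions made for illustration.

```python
def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DKIM, DMARC) into a dict."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def assess_spf(txt):
    spf = [r for r in txt if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "invalid: multiple SPF records"  # receivers treat this as an error
    terms = spf[0].lower().split()[1:]
    # The qualifier on the 'all' mechanism decides what happens to unlisted senders.
    qual = next((t[0] if t[0] in "+-~?" else "+"
                 for t in terms if t.lstrip("+-~?") == "all"), None)
    return {"-": "enforcing (-all)", "~": "softfail (~all)",
            "?": "weak: neutral (?all)", "+": "weak: +all permits any sender",
            None: "weak: no 'all' mechanism"}[qual]

def assess_dkim(txt):
    for record in txt:
        tags = parse_tags(record)
        if "p" in tags and tags.get("v", "DKIM1") == "DKIM1":
            return "published" if tags["p"] else "revoked (empty p=)"
    return "missing"

def assess_dmarc(txt):
    recs = [r for r in txt if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if not recs:
        return "missing"
    policy = parse_tags(recs[0]).get("p", "").lower()
    if policy in ("quarantine", "reject"):
        return f"enforcing (p={policy})"
    return "monitoring only (p=none)" if policy == "none" else "invalid: no valid p= tag"

def assess_domain(zone, domain, selector):
    """zone maps a DNS name to its TXT strings; selector is the DKIM selector."""
    return {"spf": assess_spf(zone.get(domain, [])),
            "dkim": assess_dkim(zone.get(f"{selector}._domainkey.{domain}", [])),
            "dmarc": assess_dmarc(zone.get(f"_dmarc.{domain}", []))}

# Constructed sample records (example domains, documentation IP, placeholder key).
SAMPLE_ZONE = {
    "example.com": ["v=spf1 ip4:192.0.2.10 -all"],
    "selector1._domainkey.example.com": ["v=DKIM1; k=rsa; p=PLACEHOLDERKEY"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "example.org": ["v=spf1 +all"],
}
```

In the sample, `example.com` has all three records but its DMARC policy of `p=none` only reports and does not block spoofed mail, while `example.org` publishes an SPF record that authorizes every sender.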
If You Use Microsoft 365, Do You Have the Advanced Threat Protection Add-on?
Advanced Threat Protection is a service in Microsoft 365 that includes a higher level of cybersecurity for the cloud platform and associated accounts.
Do You Use Multi-Factor Authentication for Your Cloud Accounts?
Multi-factor authentication (MFA) is a protocol that insurance providers are looking for because it’s so effective at reducing cloud account breaches. If you have this enabled on all your accounts, you should be able to get a discount on your cyber insurance premiums.
Do You Use a Next-Generation Antivirus (NGAV)?
What’s the difference between antivirus and next-generation antivirus (NGAV)? The main difference is that an NGAV has advanced capabilities and uses AI to spot anomalous behavior that could indicate a zero-day threat.
If you’re using an older signature-based antivirus, you have a much lower level of protection and could be susceptible to immediate threats that haven’t yet been cataloged in any threat database (aka zero-day threats).
Do You Record & Track All Software Used Across Your Organization?
If you don’t have a cloud use policy in place, then there is a good chance that employees are using cloud apps for work that you don’t know about.
Shadow IT is a big security risk and companies can pay more in cybersecurity insurance premiums if they aren’t tracking all software being used across the organization for their business data.
Learn More About Safeguards to Reduce Cybersecurity Insurance Costs
Rocky Knoll Technologies can help your Charlotte area business with any cybersecurity insurance questionnaires as well as the safeguards to be put in place to reduce risk and lower premium costs.
Schedule a consultation by calling 704.594.7292 or reach us online.