Ride the Lightning
Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.
Cyberinsurance Applications Now Demand Specific Security Measures
May 12, 2022
CSO Online reported on May 11 that cyberinsurance applications are now asking a lot of questions about your cybersecurity measures. And, if you fail “the test,” you will be penalized, sometimes by a higher premium – or sometimes coverage may be denied.
We are now seeing very lengthy applications. Virtually all the applications ask if you have two-factor authentication in place. Nearly as many are asking if you utilize endpoint detection and response tools.
They also want to know what email filtering solutions you use – happily, most businesses can provide a satisfactory answer to that one.
Backups are critical to cyberinsurers – they want to know how often you back up, how you back up, and how you store your backups. Naturally, they want to make sure you always have a backup that is not connected to the network, so it is impervious to being encrypted in a ransomware attack.
These are the most common questions, but there are many, many more. We are often brought in just to help people filling out the applications understand what is being asked. They often cannot give the answers the insurers are looking for, which may mean higher premiums or denial of coverage.
We are also concerned that the cyberinsurance companies now hold a lot of data about your cybersecurity. Understandably, cyberinsurance providers are a magnet for cybercriminals looking for the entities they insure and the amount of coverage.
With these new and extensive applications, the insurers are also now holding an extensive amount of data about your cybersecurity, much of it very useful to cybercriminals who want to attack you. That is extremely worrisome.
Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225, Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology