The Expert Podcast

Don't change anything; let the original ideas stay, and just arrange it by paragraph: even though we're recording this video in 2023 you're probably watching this in 2024 or maybe even 2025 and the reason why is the need for these cyber defense cyber security is not going to become very urgent for another year or two and the reason why is the regulations the mandates uh the disclosure requirements from government agencies are not really going to start hitting for the next year or so so when those due people are going to be searching and finding this video so what we're going to do is we're going to talk about what you need to do to satisfy requirements of government agencies contracts maybe uh vendor requirements or even client requirements for you to have either cyber insurance or cyber protection for your business.

First thing is there's a new method of protecting yourself called an incident response retainer this is not insurance this is where a company can pay in advance to hire a team to respond to cyber attacks and it's a way to prepay for that so if you have an attack you can call Ghostbusters and they show up to handle your attack now it's a little cheaper than insurance but remember most cyber insurance policies include incident response with their policy in addition to providing incident response most insurance companies that sell cyber liability insurance also provide what's called active monitoring or active prevention where they will put um different scripts or monitoring programs on your computers you see all our computers behind us they will have monitoring so if there is an intrusion they will see it in real time and they can prevent it so cyber incident response is an option so you can look into that be aware that most cyber policies commercial lines insurance policies have this.

The reason you need it is because there's new rules coming into the marketplace SEC for public companies have cyber security disclosure rules you have to tell them what insurance you have what type of prevention you have and if there is a breach you have to disclose and inform your customers the public uh maybe even vendors what of their information was disclosed and you might have to even pay for things like uh Identity Theft Protection credit monitoring or other fines companies are already starting to feel the pressure from these cyber rules right these incident reporting rules don't kick till December that's a couple months from now but experts say they highlight the need for collaboration so if your executive management team in your company is not up to date even if you're not a public company you probably have some disclosure rules in your state or even if you don't have rules if you have a cyber event that hits your company and you don't let your customers know or your vendors know that their information may have been breached you may have civil liability even if you don't have a requirement to disclose you may find you have civil liability where you get sued and say look your company was attacked you didn't tell me my my information was out there or even if they didn't get the information if it harms your ability to service that customer and they have damages because you couldn't deliver products fast enough maybe you couldn't pay your bills to them fast enough your account's payable they could sue you because you didn't disclose to them why not cyber liability insurance many times covers these disclosures and that's the reason why more and more companies are requiring third parties to have cyber liability insurance when they're doing business with you so you're going to find that more frequently.

Why are these events happening even with very robust it prevention like you probably have an IT department but employees often will ignore the rules right so you probably have an IT department they're going to tell your employees look don't give out your password don't um answer these spam emails don't click on this bad link but a lot of times they get fooled these cyber hackers are very slick they know what they're doing they know exactly how to manipulate people it's called um social engineering uh you probably heard about the case earlier this year at MGM Grand in Las Vegas where some somebody just called into their help desk and made them give away their login and this is a big company so this happens all the time which is why you want to have monitoring on your system companies are spending money their budget for cyber insurance and and prevention has jumped 70% in four years cyber premiums have increased for in the last period of time but a lot of times if you have an existing policy you it's not going to jump as much as getting a new policy so look at those expenses there's a widening gap between cyber insurance and what the damages are more and more companies are not insured and more and more companies are underinsured you probably have a cyber liability insurance Rider on your existing policy but it may have a limit 20,000 50,000 many of these cyber attacks cost hundreds of thousands if not six fig seven figures so you want to make sure that you have decent coverage many um boards or executive staff will say you want to have at least you know one or two years worth of revenue for coverage as a as a Max or put it on your umbrella policy companies are now starting to put this into their budget just in the same way you put in other you know best practices for your business and you want to start early uh based on a survey of more than 300 organizations indicated it took longer than 6 months to obtain a renew cyber insurance so it's not something that's instant like buying car insurance you want to make sure that you're starting that underwriting process early because they're going to ask you a lot of questions they're probably going to check out your system which is a good thing because if they do find vulnerabilities that can help help you plug those leaks even before you get the insurance policy because they're going to tell you what you have to fix and that will help prevent the claim in the first place remember the Cyber insurance underwriter that company whoever writes your insurance whether it's chub Coalition limit box many major companies out there they are going to U make sure that you're not a serious risk going to make you fix things and they're going to monitor your your network for you because they don't want to claim any more than you do in fact you'll have some small deductible on your insurance policy but they're going to pay out a lot more than you do so they want to make sure to help prevent your policy from having a claim or having a loss even more of an interest in doing that than you do it's almost like having a partner in the Cyber defense U realm so if you have questions about cyber liability insurance you can click on the link risk coverage.com or call us at the phone number we'd be glad to be of assistance.