Resiliency Planning in the COVID-19 Era – The Case for Stand-Alone Cyber Insurance
WHY THIS MATTERS
We hear the "what if" question every day during the COVID-19 pandemic. Here is how it applies to cyber risk.
WHAT IF:
- My business experiences a cyberattack during the COVID-19 pandemic?
- We lose our critical data assets?
- We cannot recover our data after a cyberattack?
- Our critical machinery and processing are disrupted?
- We cannot continue operating after a cyberattack?
- Our community’s safety is at risk due to critical infrastructure damage?
- We have invested in cybersecurity to address our cyber risk?
- We have not invested in cyber insurance for our residual risk?
Cybersecurity and cyber insurance can and should complement each other. Your cyber risk mitigation (by using cybersecurity tools) plus cyber insurance provide your best return on investment to tackle your base cyber risk and any residual cyber risk (such as human error).
In these uncertain times during the COVID-19 era, businesses are struggling to survive. Among the myriad dangers we are facing (such as health, safety, and financial risk), we are facing an even greater risk of cyberattacks and cyber scams. That means we must be vigilant, learn, and pivot to improve our status from cyber insecure to cyber secure.
Of course, many companies and organizations have implemented cybersecurity measures. Now we are asking ourselves: Will it be enough while we work remotely?
Fortunately, we are in the era of information and knowledge sharing as well. We can learn, grow, and pivot as we go along. Is it or has it been perfect? That is your call. You can learn and pivot to improve the privacy and security of users.
What we know is that you can reduce your residual cyber risk and gain valuable cyber insurance coverage in a stand-alone cyber insurance policy provided by specialist cyber insurers and their brokers.
As noted in our recent alerts "Cyber Threat Alert - Over 500,000 Zoom Accounts Hacked" and "Cyber Threat Alert - Zoom Video Conferencing And COVID-19", Zoom is an example of a company that has been forced to learn and pivot quickly to improve the privacy and security of users. Is it or has it been perfect? That is not our call.
What we know is that this video conferencing tool has helped businesses continue operating and carrying out their mission.
Cyber insurance can do the same – help businesses continue.
Business Continuity Plan
Like disruptions caused by weather events or property damage, cyberattacks can halt your business.
You anticipate and make plans for weather events and property damage. Then, you buy insurance coverage for any residual risk as a part of that plan.
The same holds true for cyber risk. You need a business continuity plan and cyber insurance for any residual risk.
Your plan will include documented steps that outline how business operations will be maintained along with regular testing exercises to validate the plan’s effectiveness.
Business continuity plans help you mitigate the impact of unplanned business disruptions caused by cyberattacks.
Disaster Recovery Plan
Significant disruptions to your business operations call for disaster planning.
Like disruptions caused by hurricanes, large fires, or extensive flooding, cyber events can be massive.
Disasters require a multi-faceted approach, implementing human, physical, and technical resources to recover from the disruption of business operations.
From an IT perspective, this means restoring critical, secondary, and tertiary data from backups, the cloud or separate networks, along with computer systems, software and anti-virus software, cybersecurity tools, and any other Internet of Things (IoT)-connected equipment required for your business to operate.
The Disaster Recovery Plan (DRP) goes hand in hand with the Business Continuity Plan (BCP) to help restore operations in the timeliest and most cost-effective manner.
Incident Response Plan
As a precursor to the BCP and the DRP, you need an Incident Response Plan (IRP).
The response that you plan for (and pre-test for) during significant disruptions or disasters (again looking at weather events or property damage) is the same planning that you must carry out for cyberattacks.
An incident response may include the evacuation of a facility, initiating a BCP or DRP, performing risk and damage assessments, and any other measures necessary to stabilize your status.
Cyber Insurance Coverage
A robust cyber insurance policy provides coverage for:
- Business Interruption and Extra Expenses, in which the insurer will pay or reimburse the insured for loss of business income after a waiting period (e.g., hours), and extra expenses (in excess of the policy retention), during the restoration period (e.g., days), incurred as a result of a cybersecurity breach directly causing a complete or partial interruption of the insured’s business operations.
- Data recovery in which the insurer will pay or reimburse the insured for data recovery expenses (in excess of the policy retention) incurred as a direct result of a cybersecurity breach.
- Data breach response and crisis management coverage will pay or reimburse the insured for data breach response and crisis management costs (in excess of the policy retention) incurred for a period of time (e.g., months) resulting from a data breach or cybersecurity breach.
If your cyber defenses do not mitigate the cyber risk, and your company suffers from a data breach, ransomware attack, Maze attack (combining a data breach and ransomware attack) or a denial-of-service attack (DoS) or distributed denial-of-service attack (DDoS), you will need help to mitigate the cyber loss and potential cyber liability.
You need a stand-alone cyber insurance policy that provides you with valuable coverage for your resiliency planning (IRP, BCP, and DRP).
Cyber insurance is a worthwhile investment.
- Even if you have some cyber vulnerabilities, you have the opportunity to learn and pivot during the COVID-19 crisis – and beyond.
- Even if you have resiliency planning in place, transferring residual cyber risk to a stand-alone cyber insurance policy makes good business sense.
- Even if you have commercial insurance policies, they may not provide coverage for a cyber loss or cyber liability, also known as "Silent Cyber."
Reach out to a specialist cyber broker, such as Cyber Armada Insurance, to request innovative and robust cyber solutions appropriate for your needs and cyber risk tolerance. We understand the evolving demands and expectations of cyber insurance clients.
Contact Cyber Armada today to examine how your company faces potential financial losses due to the use of cloud services. Contact us at 888.727.6232.
Watch for our next cyber insurance article on emerging cyber risk during COVID-19.