Implementing effective measures to prevent cyberattacks can mitigate their impact. Cybersecurity protects individuals’ and organizations’ systems, applications, computing devices, sensitive data, and financial assets against simple computer viruses and sophisticated and costly ransomware attacks.

Cybersecurity protection across your networks and programs assists in data protection from cyber-attacks. Organizations, people, processes, and technology must complement one another to create an effective cyber-attack defense.

In today’s connected world, everyone benefits from advanced cyber program defenses. A cybersecurity attack at an individual level can result in identity theft, extortion attempts, and the loss of essential data. We rely on critical infrastructure like utility and power stations, hospital facilities, and financial services. These and other organizations are vital to safeguarding our systems and keeping them operational.

But it’s also about protecting you and your agency too. Just as you have a team in your agency of individuals supporting the essential functions, workflows, and that best practices are followed. The cyber security of your agency is one area that a group of experts should review. Just as you review your HR handbook policies, and have your legal contracts examined, you should also check your Cyber Policy, practices, and procedures.

What specialist should I have involved in reviewing my cybersecurity policy? Reviewing a cybersecurity policy should involve a team of specialists to ensure that all aspects are thoroughly examined and updated, as necessary. Here are some specialists you might consider:

1. Cybersecurity Consultants: These are professionals specializing in helping organizations improve their cybersecurity practices. They can provide valuable insights into the latest threats and best practices for mitigating them.
2. Data Privacy Officer: If your organization handles sensitive personal data, a data privacy officer can ensure that your cybersecurity policy aligns with data protection laws.
3. Human Resources Professionals: Since employees play a crucial role in maintaining Cybersecurity, HR professionals can help ensure that your policy includes appropriate provisions for employee training and awareness.
4. IT Professionals: Your IT team plays a crucial role in implementing and maintaining the technical aspects of your cybersecurity policy. They can provide insights into the practicality of specific policy provisions and suggest improvements based on their knowledge of your IT infrastructure.
5. Legal Counsel: Legal professionals can help ensure that your cybersecurity policy complies with all relevant laws and regulations. They can also advise on the legal implications of a data breach.
6. Risk Management Professionals: These individuals can help identify potential risks and suggest ways to mitigate them. They can also help develop a risk management plan that aligns with your cybersecurity policy.

Cybersecurity and E&O Best Practices for Insurance Agencies

Cybersecurity and Errors & Omissions (E&O) are two critical areas for insurance agencies. Here are some best practices:

Cybersecurity Best Practices:

1. Maintain offline, encrypted backups of data and regularly test your backups.
2. Conduct regular scans to identify and address vulnerabilities on internet-facing devices, to limit the attack surface.
3. Regular patches and updates of software and Operating Systems.
4. Restrict access to unsecured websites, disable pop-up windows and block employees from installing any software programs without permission from an administrator.
5. Training your employees regarding phishing and other common IT attacks.

E&O Best Practices:

1. Technology E&O insurance protects a company that makes a mistake or forgets to do a critical task that hurts a client financially. These mistakes can range from recommending inappropriate technology to failing to meet project deadlines.
2. When a client sues to recover losses, technology E&O insurance coverage can provide coverage for a firm’s legal expenses.

Best Practices for Insurance Agencies:

1. Monitor cybersecurity in the insurance sector closely.
2. Participate in ongoing discussions on cybersecurity.
3. Protect sensitive consumer financial and health information collected during the underwriting and claims processes.
4. Regulate and monitor insurance carrier’s solvency and market activities underwriting cybersecurity policies.
5. Work with insurers to resolve immediate concerns when a data breach occurs at an insurance company.

NAIC: CYBERSECURITY  Oct 18^th 2022, The latest Report on the Cybersecurity Insurance Market can be found here.

NAIC: CYBERSECURITY Last Updated  12/20/2022

https://content.naic.org/cipr-topics/cybersecurity

How can I protect my organization from cyber-attacks?

Protecting your organization from cyber-attacks involves a combination of technical measures, administrative controls, and good security practices. Here are some steps you can take.

1. Backup Regularly: Regularly backup important data and ensure that backups are secure.
2. Educate Employees: Train employees about the importance of cybersecurity, how to recognize threats, and what to do if they identify a potential security issue.
3. Encrypt Data: Encrypt sensitive data to protect it in case it falls into the wrong hands.
4. Implement a Security Policy: Establish a comprehensive security policy that covers all aspects of your organization’s operations.
5. Install Security Software: Use security software, such as antivirus and anti-malware programs, to protect against threats.
6. Limit Access: Only give employees the information they need to do their jobs.
7. Monitor Networks: Regularly monitor your networks and systems for unusual activity.
8. Plan for Incidents: Have a plan in place for responding to security incidents. Include steps for identifying and isolating the issue, investigating, recovering, and following up.
9. Regularly Update and Patch Systems: Keep all systems, software, and applications updated. Regular updates often include patches for security vulnerabilities.
10. Use Firewalls: Use firewalls to block unauthorized access to your network.

The cost of the global average data breach in 2023 has set an all-time record high, with the average breach cost reaching $4.45 million, a 2.3% increase from 2022 and a 15.3% from 2020, according to IBM’s “Cost of a Data Breach“ report, which determines that organizations must invest in cybersecurity to limit damage. https://www.iamagazine.com/news/average-cost-of-a-data-breach-reaches-all-time-high-says-ibm-report

Remember, cybersecurity is not a one-time task but an ongoing process. It requires regular reviews and updates to address new threats and vulnerabilities.

If you have additional questions or concerns about your E&O Coverage, contact our OIA E&O Director of Risk Management, Ashley Riley at 614-552-3052 or email ashleyr@ohioinsuranceagents.com. OIA Cyber Liability Account Executive Stacy Rosenthal at 614-552-3058 or email srosenthal@ohioinsuranceagent.com

Cited Resources

CISA.gov

What is Cybersecurity? Released: February 01, 2021

RELATED TOPICS: CYBERSECURITY BEST PRACTICES

https://www.cisa.gov/news-events/news/what-cybersecurity

Forbes.com

POST WRITTEN BY

Lev Barinskiy: Dec 30, 2019,07:00am EST

Cybersecurity Trends and Best Practices for Insurers and Businesses

https://www.forbes.com/sites/forbesbusinessdevelopmentcouncil/2019/12/30/cybersecurity-trends-and-best-practices-for-insurers-and-businesses/

NAIC: CYBERSECURITY  Oct 18^th 2022, The latest Report on the Cybersecurity Insurance Market can be found here.

NAIC: CYBERSECURITY Last Updated  12/20/2022

https://content.naic.org/cipr-topics/cybersecurity

Average Cost of a Data Breach Reaches All-Time High, says IBM Report

IA Magazine BY OLIVIA OVERMAN 10 August 2023

https://www.iamagazine.com/news/average-cost-of-a-data-breach-reaches-all-time-high-says-ibm-report