Cowbell’s founder and CEO, Jack Kudale, recently published an article in Forbes magazine, addressing Security regulations in Cyber Insurance and the need for having efficient incident response plans in place for businesses nationwide.
If you haven’t had a chance to read it yet, here are the three points worth highlighting:
1. Federal and state governments, as well as industries, are increasing requirements surrounding incident response
The many regulations issued to date on data security and privacy, whether by governments, industries, or other bodies, have helped establish standard requirements for security and give us a common way to talk about it. Most recent revisions include specific recommendations surrounding incident response plans, demanding that companies be better prepared to deal with the inevitable cyber incidents of the future. Below are some extracts:
| Regulation | Extract from the regulation |
|---|---|
| PCI DSS v3.2.1, Requirement 12.10, page 113 | “Implement an incident response plan. Be prepared to respond immediately to a system breach.” |
| HIPAA regulation text | “Security incident procedures. Implement policies and procedures to address security incidents.” “Subpart D—Notification in the Case of Breach of Unsecured Protected Health Information” |
| CCPA regulation | “(2) Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.” |
| GDPR regulation | “When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.” |
| (regulation not named in the original) | “Each Covered Entity shall notify the superintendent as promptly as possible but in no event later than 72 hours from a determination that a Cybersecurity Event has occurred.” |
| NIST Framework | PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed |
2. Incident response plans must continue to evolve
Cyber incidents are times of crisis. Knowing ahead of time what to do, whom to involve (or not), and which procedures to follow is paramount. Yet most companies today don’t have a plan that has been vetted and tested by the organization.
Incident response plans can’t be static either; they need to be revisited to reflect organizational changes, technology updates and upgrades, and, most importantly, new threats.
In fact, an adequate incident response plan should come with:
- Step-by-step activities to follow when an incident is discovered
- Contact information for the professionals to involve
- Notification orders for impacted entities and individuals
- Additional budget line for worst-case scenarios
- Frequent testing of said plan
If you start from an available incident response template, take the time to review every step and customize it to the uniqueness of your organization, so that the plan fulfills its purpose should an incident happen.
3. Experts need to be part of the plan
Cyberspace is complex and evolves rapidly and continuously. Without trained professionals, impacted organizations will not be able to respond in a manner that serves the company best. The IT team may seem like the obvious solution, but if its members are not trained to negotiate with ransomware actors, conduct forensic investigations, or have general experience with breaches, they may be helpful in the process without being able to get the company back up as quickly, and with as little damage, as a specialized team could.
Here are some of the obvious questions you should ask yourself to quickly evaluate where you will need outside help:
- Does anybody on your team have experience interacting or negotiating with cybercriminals? (This is critical in the case of a ransomware attack.)
- Many security teams are already overwhelmed and working extra hours. Is your security staff ready to go even further and work overtime until the crisis is resolved?
- Do you have the means to notify customers and partners of potentially compromised data? Do you have the legal expertise in-house to manage such communication?
Even if you are tempted to answer yes to any of the above, our recommendation is to tap into the resources made available by your cyber insurer.
4. Know ahead of time the resources available from your cyber insurer
Trying to identify and recruit expert resources in times of crisis is bound to be overwhelming. Your cyber insurance policy should come with immediate access to expert recovery resources as soon as a claim is filed. Cowbell’s cyber policies come with coverages specific for different types of cyber incidents and a breach coach that will guide you through all critical steps as the incident unfolds.
There’s more in our cyber policy than recovery. We consider it part of our duty to share with you every insight found in your unique organization’s risk profile at the time we issue the policy, and we give you access to these insights as they are continuously updated throughout your policy lifecycle. Through collaboration with dozens of field experts, Cowbell’s policies not only insure businesses; they also deliver a closed-loop approach to risk management. If you want to know more about Cowbell Prime, our cyber insurance programs, or would like to get appointed to distribute our policies, you can contact us at [email protected].
Note that all your clients, regardless of whether they have a cyber policy with Cowbell or not, can request their risk profile at https://cowbell.insure/for-businesses/.