Cyber threats evolve at an unprecedented pace, with bad actors employing more sophisticated methods to exploit, and monetize, the vulnerabilities of victim organizations. From ransomware attacks to phishing scams, small and medium-sized enterprises (“SMEs”) are desirable targets because they typically lack the robust cybersecurity defenses that large corporations have. Worse, the assumption that “it won’t happen to us” leads many business owners to overlook necessary investments in cybersecurity and cyber insurance, which can lead to significant risk and exposure.
Cowbell recently conducted a survey of C-Suite and senior managers representing 500 small to medium-sized enterprises throughout the United Kingdom and found that almost 80% of these businesses had no in-house cybersecurity team; 32% (perhaps naively) believed a cyber attack would not limit their ability to do business, and 87% did not consider reputational damage after a cyber attack to pose as a significant risk to business.
52% of survey respondents said their first call would not be to their insurance provider, however, this is not the advice we provide our policyholders.
If you have cyber insurance, the first call should always be to your insurance provider – even if the organization simply suspects it may have a cyber incident. Whatever the situation – whether it be a full-blown ransomware event, a suspected phishing link that downloaded and installed malware, a lost laptop, or a social engineering scheme that re-directed money – the cyber insurer can help, and help quickly. Cyber claims teams deal with “worst case” scenarios every day. This means a cyber insurer is best equipped to swiftly triage the situation and facilitate the most expert and efficient incident response to mitigate loss and liability. One of the benefits of having a cyber policy is there is expertise at any time and for any scope of cyber incident. The aim is straightforward: to address the incident as expeditiously as possible and minimize the financial impact on the policyholder.
Not only should the first call be to the cyber insurer to make sure the right resources and teams are quickly engaged, but notifying the insurer early and involving them at all stages will enable you to maximize your coverage and obtain approvals (and preferable pricing!) for specialized work streams and resources such as legal counsel, forensics investigation, restoration and data recovery experts, ransomware negotiators, crisis communications, and notification support.
Another “pro tip” is that, to whatever extent possible, the affected business should be prepared to create a brief summary of the incident, and have appropriate stakeholders available for a scoping call with the incident response teams as soon as possible. Organizations that have an incident response plan (IRP) are better prepared to assemble appropriate information and people, thus the process of scoping is more efficient and access to critical information is more organized.
And, lastly, frequent engagement with your cyber insurance provider will result in better information transfer and guidance, fostering a more resilient organization, and hopefully avoiding that dreaded (severe) cyber incident. In addition to proactive communication and consultation, a good cyber insurer will have a suite of readily available resources to provide its customers (incident response plans, business continuity plans, preferred vendor networks, risk assessments, risk engineering services, and micro penetration testing to name a few). These resources work collectively to strengthen an organization’s cyber posture through proper education, planning, and testing. Accordingly, cyber insurers are in the most ideal position to advise organizations on better practices to prevent a cyber incident by leveraging the unique lessons learned from handling thousands of cyber claims on behalf of their policyholders. Interested in learning more about the comprehensive cyber insurance solutions Cowbell has to offer? Click here.
