We have surveyed hundreds of small business owners and a frequent comment is a lack of understanding around cyber vulnerabilities. These owners want to learn more about cyber vulnerabilities and how it can impact their business. Common questions are: Is my company at risk; how do I know my company has cyber security vulnerabilities; who can help me identify risk?
A starting point is to simply review a cyber insurance application. The questions contained in the application are indicative of a lack of network controls where the insurance industry has experienced the most claims or breach events. Ask yourself some of these questions that are contained in a majority of applications:
If you answered “no” to any of the above, your business might be at higher risk than believed. Further, your business might be uninsurable as these are viewed as necessary cyber controls for a carrier to offer a quotation. Many of our clients first focus on cyber resilience and then pursue insurance.
You can begin by asking your IT vendor why they haven’t been encrypting data in transit and at rest, why they don’t have training of employees on phishing, and if they have daily backups that are stored off-site, off network, and enable recovery in a reasonable amount of time.