Over the past couple of years, cyber insurance requirements have changed dramatically, and a lot of businesses in the Sacramento and Reno area are scrambling to figure out what they need.
As it turns out, ransomware attacks and data breaches have skyrocketed. This means cyber insurance companies are likely paying out millions in claims. To mitigate the issue, they are making sure businesses have more than just basic cybersecurity in place.
Why Cyber Insurance Requirements Change
Insurance companies are doing actual security assessments. They're asking detailed questions about your IT infrastructure, and they're declining coverage or charging significantly higher premiums if you don't meet their requirements.
The reason is simple: ransomware became an epidemic. There have been attacks on businesses of all sizes across Northern California. Small law firms in Sacramento, construction companies in Reno, manufacturers in the Central Valley. No business is immune.
So, it's time to think about what your cyber insurance requires, what you already have in place, and what you might need to invest in soon. If you work with a good managed IT provider, such as Integrated Networks, they will know how to help.
What Many Insurers Require Now
Requirements vary by insurer, but many of them require the following:
- Multi-Factor Authentication (MFA): Almost every insurer requires MFA on all remote access and administrative accounts. That means you need something beyond just a password, such as a code from your phone.
- Regular Backups: Insurers want to know you can recover your data if you get hit with ransomware. So, now they require tested backups that are kept offline or in immutable storage.
- Email Security: Advanced email filtering to catch phishing attempts. Since most ransomware gets in through phishing emails, this is non-negotiable for most insurers.
- Endpoint Protection: Modern antivirus and endpoint detection on all computers. That means your business needs more than basic or free antivirus.
- Security Awareness Training: Regular training for employees on how to spot phishing attempts and other threats. Most insurers want to see this documented and repeated at least annually.
- Patch Management: Keeping systems updated with security patches. Attackers love exploiting known vulnerabilities in outdated software.
- Incident Response Plan: A documented plan for what to do if you get hit. Who do you call? How do you contain the damage? How do you notify affected parties?
What Happens If You Don't Meet Requirements
- Pay significantly higher premiums: Insurers will cover you, but you'll pay more for being "high risk."
- Accept major coverage limitations: You will still have cyber insurance, but there are big exceptions to your coverage, such as lower coverage limits, higher deductibles, and exclusions for certain types of attacks.
- Be declined coverage: Some insurers are just walking away from businesses that don't meet basic requirements. They've decided it's not worth the risk.
How to Meet Cyber Insurance Requirements
The best way to ensure you meet the basic requirements is to work with a professional managed IT provider. They should understand exactly what your insurance policy requires and set it up for you.
- Start with an assessment. Figure out what you already have in place and what's missing, and document it properly. Most businesses are further along than they think.
- Prioritize MFA and backups. These are the two non-negotiables for almost every insurer.
- Document everything. Insurers want proof. Keep records of security training, backup tests, and patch schedules. Documentation is key.
- Test regularly. Having a backup system that doesn't work is worse than not having one at all. Test your backups. Test your incident response plan.
Integral Networks' Approach to Cyber Insurance Requirements
There's no way around it: meeting insurance requirements costs money. But we know that budgets can be tight when it comes to running a business. So, Integral Networks offers two cybersecurity options.
- Basic managed services with essential security: You sign a liability waiver acknowledging the risks.
- Enhanced cybersecurity: A package that meets insurance requirements and covers you properly.
A cyber attack can cost you more in the end than you might think. So, with the rise of ransomware, phishing attempts, and data breaches, make sure you pick the right option for your business.
What You Need to Know About Cyber Insurance
Cyber insurance requirements aren't going away. If anything, they're getting stricter. The businesses that treat this as an opportunity to improve their security are the ones who'll remain better protected.
Before you decide how much you want to spend on remaining protected as cyber attacks get more sophisticated, remember that the cost of a ransomware attack could be very high.
If you're dealing with cyber insurance requirements and aren't sure where you stand, we can help.
Click Here or give us a call at 916-626-4000 to Book a FREE 15-Minute Discovery Call
