How Insurance Can Help Cybersecurity
Following recent major cyberattacks, the Obama administration is trying to look at how various sectors can use different tools to help shore up cybersecurity. One sector one probably wouldn't normally think of is insurance companies.
As Congress mulls cybersecurity regulations, Deputy Secretary Sarah Bloom opines that insurance companies could help, point out that an insurer can affect the behavior and policies of a company in the underwriting process. Simply applying for cyber insurance will force a company to look at where they stand on cybersecurity and where they can make changes to get better. Insurers, wary of covering a company with weak security, will ask questions and probe the applicants.
Some questions an insurance company might ask include:
- What is your response plan for dealing with a cyberattack?
- Do you use two-factor authentication?
- How often are patches and updates applied?
- How do you evaluate contractors and make sure they follow company policies?
- What do you use to scan for viruses and other malware and how often do you do it?
It may sound simple, but just having an insurance company review and hold a company accountable is an innovative way to step up cybersecurity.