While the goal of cybersecurity is to shut down data breaches and other cyber threats before they happen, the reality is you’d still be responsible for any sensitive information stolen in the event of a successful cyberattack. In its simplest definition, cyber insurance can cover financial losses sustained from a cyberattack and cover your liability for a data breach involving customer information. Costs can include legal fees, notifying customers about the breach, and repairing or replacing computer systems.
The average cost of a ransomware claim is $485,000. For most dealers, just the thought of facing that kind of situation is scary, and facing it without coverage is even more terrifying! Yet, in 2023, 40 percent of companies purchased cyber insurance only after they had suffered a cyberattack. Taking action before an incident will save you money in the long run.
Cyber insurance does not replace cybersecurity
Insurance is meant to be one piece of your larger, risk-preventing puzzle. To have the best security program possible, your dealership should have a strong IT foundation followed by an up-to-date, monitored cybersecurity program, well-maintained compliance standards, and cyber insurance. Every layer works together to ensure you’re as protected as you look on paper.
Recent price surges and why they happened
Cyber insurance prices have been growing at an alarming rate. You may have experienced premium increases of 250 percent or more compared to a few years ago. It can be difficult to understand the high price point and know how to position your dealership for significant savings. The reality for cyber insurance companies is they’ve lost money the past few years by offering policies too broadly. As ransomware and other attacks have become rampant, claims have been more frequent and larger than anticipated. Now, insurance companies are only looking for “good risks.”
A “good risk” is a business that follows good IT protocols, security best practices, and cyber hygiene. These best practices also overlap with the FTC Safeguards Rule, thus giving you a two-for-one victory!
How to become a “good risk”
Here are the steps needed to become a “good risk” and harden your defenses against cyberattacks:
- Use multi-factor authentication (MFA) for admin accounts, cloud access, and remote access.
- Outsource protection of endpoints, like PCs and servers, to a 24/7 Security Operations Center. A good Security Operations team can respond to security alerts within minutes and shut down attacks in their infancy.
- Ensure you have reliable backups that are “air-gapped.” This means they are offline, either physically or logically, so malicious actors can’t tamper with them.
- Invest in a strong email filter. Phishing emails act as the entry point for 95 percent of all attacks.
- Ensure you’re using current-generation, supported operating systems and hardware, like firewalls. These systems need to receive regular security updates to maintain protection against the newest threats.
- Manage your third-party risks. These are vendors that have access to your data or your network. Suppliers are a common route to getting hacked!
- Provide high-quality security awareness training to your organization and review results frequently. Follow up on associates who don’t complete training or fail their phishing tests.
- Have a solid, rehearsed Incident Response Plan. Conduct a tabletop rehearsal at least once a year.
How to actually save money
Once these steps are in place, share your information security program with your broker. An alternative that’s growing in popularity is to obtain insurance through your IT or cybersecurity service provider, who may have partnerships with insurance companies.
You can prove the quality of your program and diligence by sharing key metrics:
- Your phishing test results (including “phish prone” percentage), ideally under five percent.
- Systems protected by Managed Detection and Response.
- Percentage of MFA enrollment.
- Percentage of vendor-supported devices (unsupported systems should be zero).
- Results from the last backup test.
- Penetration test results.
With a solid program and a demonstration of your diligence, you can help your dealership qualify for the best cyber insurance rates possible!
Sponsored by Proton Dealership IT.