By Michael Moyer and Dave Chmiel

Since the onset of the COVID-19 pandemic, the increase in remote work has increased cyber risk and made each attack costlier than ever. That’s made insurance companies take a closer look at each cyber claim and take their time in processing them.

The number of cyber claims did not necessarily rise during 2020, but the monetary amount of each claim spiked. So carriers are taking a long, hard look at each claim before processing them, slowing down the process. Cyber claims that once took days or weeks are taking months to process.

Because the exposures and potential vulnerabilities have both changed, carriers will want a full understanding of how each claim occurred that speaks to the risk exposure.

How to get coverage

While the typical coverage renewal process begins 90 days out, in today’s environment, the frequency of these conversations must increase. Get ready for your renewal by preparing answers to the following questions for your broker. Your broker will want to know:

Q: Are you taking the time to train your new and existing employees?

A: Detail exactly how you’re onboarding employees that are working from home. What devices are you providing new employees? How are you getting the devices to them?

Q: What measures do you have in place with WFH?

A: Include all parameters for your network use at employees’ homes. What rules have you made? How do they actually play out in the field?

Q: What additional exposures do you have now that you didn’t before?

A: Make a list of new cyber exposures – those that involve employees and those that don’t. Has your business pivoted to offer new services or products during COVID-19? Think about all new exposures.

Q: Is your WFH workforce still at home? For how much longer?

A: Will your workforce be returning to the office? If so, when, and will employees have an option to continue their WFH? If so, how often and what precautions are you taking for the back-and-forth of devices?

Q: Do you have employees leaving the organization?

A: If employees are leaving your organization during COVID-19, either voluntarily or via layoffs, what are you doing to protect your organization’s employee and customer data?

Work with your broker to ensure there is no gap in coverage and that you are protected by all the risks that exist in today’s new normal.

Six best practices in combatting cybercrime

Beyond coverage concerns, there are a number of both passive and active measures organizations can take to improve the success of your cyber security plan. Doing so will make your business a better risk in the eyes of underwriters by reducing your exposure.

  1. Employee and employer vigilance. In today’s work-from-home environment, both employers and employees are at risk, making them partners in cybersecurity. Employers need to educate workers on the cyber vulnerabilities of working from home and provide guidance on safer at-home set ups and best practices.
  1. Test your network regularly. One possible test involves sending out dummy phishing emails or other forms of attack to staff and track how employees respond. Holding your staff accountable is just as important as performing the tests. Review each employee’s response with them, and consider termination for employees who continually fail these tests.
  1. Wipe devices when repurposing hardware. When employees store personal data on their work computers, they open themselves and the organization up to additional liability that’s often unknown to the employer. Instruct workers not to store personal information on company devices and wipe devices clean of data before reuse with another employee.
  1. Set proper onboarding procedures. Vetting employees is critical — even when you’re understaffed. Consider the example of a newly-hired employee given an unwiped computer; he accessed the personal credit card information of the former user. After the new employee made purchases using the credit card number, the company was held liable because it failed to take appropriate steps before repurposing equipment.
  1. Encourage employees to use password protectors. Passwords are the most vulnerable aspect of any network, but are often not strong enough. Password managers like LastPass can help build a wall around your data.
  1. Layer security. There is not one catch-all solution to cybersecurity. The safest method to protect your digital assets is a multi-tiered approach. This includes staying up to date with software and training; understanding the latest disguises being used by cyber criminals; using tools like password managers and two-factor authentication and encouraging employees to segment their home networks by activity and only use work computers for company activities.

Contact your HUB Cyber expert for more information on safeguarding your staff and specifying the right cyber coverage for your business moving forward.