Hi All,
Currently doing our business insurance, and the rep is pushing a new one to us.
Cyber Protection Insurance. - https://www.steadfast.com.au/insurance-types/business-insura…
Does anyone have any advice?
Our business has very limited online presence tbh.
As in the business model?
So I got some rough idea from your replies and thereby suggesting the following
Assuming ur stuff is on Cloud , the only think you need to make sure is that you are encrypting any sensitive data correctly.
I would rather spend that money in ensuring the serve my customers a better product/service.
That means better availability , active mitigation to any DDOS & superior encryption to their data.
This is the equivalent of telling someone to not worry about car insurance and instead just try to not crash their car.
@picklewizard: Rather it is suggesting someone (from experience) that a car with drive assist is better than a usual car and hence you should spend money on better assist feature rather than on insurance (though car analogy may not the best here).
@picklewizard: Without knowing what the insurance actually entails. I've seen some highly voted ozbargain travel insurance deals, that are so well worded i cant think of a situation where I could actually claim.
Same applies to insuring my bike for theft. It was completly redundant as the bike lock needed to be from an approved list, and less than 3 years old, you had to provide the lock etc etc.
So yeah, i can see a few cases where the insurance is not worth the paper its written on
Yes by all means provide detailed information on your system security to a total stranger on the Internet
Lol
I am happy to log on some time and have a look around for you /s!
Like any insurance you should consider the risks involved and costs if you experience what you are insuring against.
if you have a limited online presence and backup all your data regularly then maybe you dont need it.
Everything is in Azure now. We also run VPN, Meraki Firewall etc.
Does it cover you if you're hacked and leak sensitive customer info?
Yeah.
Covers financial loss you may suffer as a result of a cyber attack.
The costs of a cyber attack, such as hiring negotiation experts, covering extortion demands and prevention of future threats.
The costs of recovering or replacing your records and other business data.
Damages to your reputation resulting from data breaches, such as loss of third party data held on your system.
Funds the legal costs of defending claims.
Covers legal expenses and the costs of fines arising from investigation by a government regulator.
The costs of copyright infringement, defamation claims and misuse of certain types of intellectual property online.
Provides cover for the costs of managing a crisis caused by cyber hackers
The costs of notifying customers of a security breach, and monitoring their credit card details to prevent further attacks.
I'd be very cautious of what could be an "out" for the insurance company, Having stuff in Azure and a VPN/firewall doesn't mean much if it's not set-up correctly. I can put in a firewall and leave the rules set to allow anything to communicate with anything and it renders it useless. Extreme example but good luck getting an insurance payout if you did.
I haven't looked at Cyber Insurance for a few years, but the policies were extortionate compared to the cover they provided a few years ago, might be better now as there will be more competition in the market.
As per some the answer above about only having to encrypt sensitive data as things are in the cloud - there's a lot more you need to do than that. Source - I've worked in Cyber Security for almost 14 years.
what's your take on intel ME and amd PSP ?
As someone who dabbles in cybersecurity professionally…yeah most businesses dont really need any SUBSTANTIAL cybersecurity or cybersecurity insurance
Unless its like super dirt cheap and looks fun, yeah dont really need it…👍
PM me the details of what you are currently doing and I can suggest you whether it is worth investing in this thing.