Filling Out A Cyber Insurance Questionnaire

welcome back to another episode of cappuccino chat this time we're talking about the cyber security questionnaire we all keep getting asked to fill out all right so this time we're talking about that cyber security questionnaire that we all get uh when it comes time for Renewal or when we're trying to get a new insurance policy for the first time some of the things to be on the lookout for are one unfortunately [Music] no two questionnaires are the same I've been doing this now for a while and helping various clients in different Industries and I've never yet run into the same questionnaire twice I've seen them as short as a single page and as long as 14 pages long so every one of them is a little bit different couple of things to keep in mind uh one every time you answer in the negative normally no but sometimes could be yes it is going to increase your premium so for instance if they ask you do you have um a Enterprise grade firewall yes or no if you answer no your premium would more than likely go up by how much I have no idea that's that's for the industry to tell you but keep in mind that the things that the cyber security questionnaire is talking to you about are most likely things that I've been talking to you about and or your it person has been talking to you about adding and making you more secure the reason the security companies are asking the insurance companies are asking now for the cyber security questionnaire is they don't want to pay you back the money you've been paying in right so the insurance company wants the income but they never want the expense of paying out on the policy so they're telling you the things that the security interest industry is seeing that you need to implement to keep yourself safe so that you don't have a breach and they don't have to pay out so it is one of those things that is kind of giving you that information of hey it guy's been talking to me about this Matt's been talking to me about this we need to really consider adding this to our system because it is important and it is a way for these breaches to happen which could end up really costing the business um not only financially and clients but in some instances businesses were not able to recover from this and have closed permanently so it's one of those things we want to make sure we don't do so pay attention to those cyber security questionnaires those questions are things that uh if your it guy is not talking to you about them you need to raise that question we of course are here to help you in filling that out and we do that for all of our clients another thing to keep in mind when filling that out is it is uh there's no gray area with those questions so it is uh oh all Yes or all no it is not a yeah somewhat people so I'm going to check the check box the biggest one I see there is on two-factor authentication or multi-factor authentication and these questions come in various forms sometimes they just ask are you using it well depends on what what they mean by where are you using it right so you may have to go back to them and ask them more specific questions more often than not I'm saying are you using two-factor authentication on your email so this is going to be like your office 365. it is built into Office 365 but it's not enabled by default and it has to be set up for every user on the system so every user that uses it has to have two-factor authentication configured into it if they can log in they need to have it so when the question comes up is are you using it just because maybe your account and maybe the owner's account or this person's account has it enabled but not the entire organization if that is the case and the entire organization does not have it enabled and is using it the answer is no do not check the check box of yes if it is just some of the organization doing whatever it is they're asking for in this case the two-factor authentication for email the reason for this is is if something were to happen they're not going to instantly write you a check and say oh yep you had a policy with us you had a breach here's a here's a check for some money sorry that that happened to you no they're going to launch an investigation they're going to want to dig into things they're going to want to work with you us or whoever your I.T firm is and really get that done okay so they are going to want to make sure that everything you told them you were doing you were doing and as soon as they find an area in which you were not 100 truthful or is not the actual case they will basically deny your claiming you will have nothing so it's going to be better for you to answer no on everything if that's the case if that's 100 truthful then it is the mark yes that oh I've been talking to you know Matt about this we're gonna we're gonna get around to it so I'm gonna say yes don't do that because if something were to happen you're paying them and you're not going to get any value out of it if hopefully and ever but if you end up needing it right it's one of those insurance policies that we have that we hope we never need so be a hundred percent uh accurate with those questions there's no gray area it's 100 yes or 100 no if it's not one of those two things then it's the other right so do you have multi-factor authentication enabled on your email oh all my employees do have it enabled that's a yes oh all but 10 have it enabled okay well then that's a no okay so keep those things in mind we want to make sure that um you do have a cyber insurance policy it is good uh protection to have again for those financial things that come up after a breach helping to pay for the recovery any kind of um things that may go on with your clients that you need to pay for the bad PR all those different things we're going to want to make sure you have that insurance policy to back you up and it does take some time to get that money if you have any questions concerning uh cyber Insurance do I need it how much do I need those kinds of things I'd be more than happy to have conversations with you if you are a client of ours more than happy to help you fill out that questionnaire most of you reach out to me and we do go through that and as always if you have any questions please reach out 760-770-5200