In a perfect world, the partnership between a business and its insurance company must be based on full information and informed shared risks. This is even more true in the world of prudent cyber liability policies and coverage. Not only is this good and prudent business and risk management, but it is also simply wise. In a world of increasing cyber threats or even simple computer lapses, any good business thrives on understanding where its vulnerabilities are and doing that which is necessary to compensate for those weaknesses. Likewise, carriers are interested in minimizing risk where possible. To this end, there are a number of things businesses and carriers alike should explore together. Indeed, many of these are made prerequisites by some carriers who write these policies. These include the following:
- Participating in loss control evaluation services. These use third parties to examine a business’ practices and technology and then come up with where vulnerabilities exist and how to best control those. Suggestions may include built-in alerts on computer systems, ways to protect information in the hands of third parties, encryption of data, and data backup and restoration systems.
- Reporting to the carrier on regulatory requirements and undertakings on a routine basis.
- Employing and implementing a policy to protect for breaches. These include such things as regular and sustained internal communications about potential risks.
- Engagement of theft resolution services.
- Systematic and regular employee training as to cyber theft avoidance.