Introducing Cyber Insurance and Its Importance
Kameron Kennemer: Hello everyone, welcome back to another episode of the IT Curio Podcast. We explore the changing landscape of technology, cybersecurity, and managed IT services. I’m Kameron Kennemer, your host. Today, we have a special guest, Rhett Bray, founder of Beacon Path, a company focusing on cyber insurance. Welcome to the show, Rhett. How are you today?
Rhett Bray: Good, Kameron, thanks for having me.
Kameron Kennemer: Excited to have you here. Rhett, could you tell our listeners about Beacon Path and a bit about yourself?
Rhett Bray: Beacon Path designs, implements, and manages business programs for small to medium-sized companies in business insurance, benefits compliance, and HR. We typically work with companies of around 100 to 120 employees. These businesses often lack the bandwidth to manage all aspects necessary for running their operations. Our goal is to mitigate risks and transfer them, allowing business owners to focus on growth and reaching their goals.
Kameron Kennemer: That’s a noble goal. As businesses become more technologically advanced and connected, new risks emerge, right?
Rhett Bray: Absolutely. Years ago, concerns were about physical break-ins. Now, the threats come through cable lines and computers, targeting mobile phones and laptops. These digital break-ins aim for company data and client databases, a significant shift in business exposure.
Kameron Kennemer: Cyber insurance is a new and increasingly important product. Can you give an overview of what it is and its growing significance?
Cyber Insurance Mechanics and Risk Management
Rhett Bray: Cybersecurity is like having a good mechanic for your car. It keeps things running smoothly, but in case of an accident, cybersecurity alone isn’t enough, much like how a mechanic can’t help with car crash damages. That’s where cyber insurance comes in, similar to automobile insurance. It covers the damages and additional costs from a cyber incident. The reality is, with the rise of technology, the risk of breaches has increased significantly. IT departments are crucial, but they can’t prevent every possible breach. Cyber insurance helps manage the financial exposure from such incidents.
About 60% of small businesses that suffer a breach are out of business within six months. Many small businesses think they’re too insignificant to be hacked, but the truth is, hackers often target them to access their clients’ information. It’s a misconception that small businesses don’t need the same level of cybersecurity as larger ones.
Kameron Kennemer: Right, so what are the common threats businesses face?
Rhett Bray: Many businesses, especially small ones, don’t fully understand their vulnerability. The most common threat is phishing, accounting for 85 to 95% of breaches. It’s not about directly attacking the business but tricking employees into granting access through deceptive emails or messages. This lack of awareness and preparedness makes them an easy target for such attacks.
Rhett Bray: Many businesses, especially small ones, don’t fully understand their vulnerability. The most common threat is phishing, accounting for 85 to 95% of breaches. It’s not about directly attacking the business but tricking employees into granting access through deceptive emails or messages. This lack of awareness and preparedness makes them an easy target for such attacks.
Common Cyber Threats and the Need for Education
Rhett Bray: Other common threats include malware and internal threats, like a disgruntled employee. We’ve seen cases where such employees leaked sensitive client information online. It’s not just external threats; often, it’s about employees who are not well-educated on cybersecurity signs. Regularly, I receive emails flagged as potential phishing, and it’s a constant concern. Authentic-looking emails can be especially deceptive. Education is crucial for businesses to combat these threats.
Kameron Kennemer: Absolutely. At the IT Curio podcast, we offer free cybersecurity awareness training for businesses, aiming to make it engaging and informative. Our trainer, DJ Foreman, is both entertaining and educational. We believe in doing our part to address this cybersecurity crisis and sometimes gain clients through these efforts.
Rhett Bray: That’s vital, Kameron. Combining cyber insurance with cybersecurity education is essential. Insurance companies are cautious; they don’t just want premiums. They assess the risks they’re taking on. Cyber insurance policies often require employee education as part of their guidelines. It’s important for businesses to train their employees to identify and understand these risks.
The Dual Role of Cybersecurity and Insurance in Business Protection
Kameron Kennemer: Absolutely, having a partnership between cybersecurity and an insurance broker like Beacon Path is crucial.
Rhett Bray: Yes, it’s a two-stage safety net.
Kameron Kennemer: We protect our clients well, but there’s no 100% protection against cyber threats. Some will get through. That’s when having someone like Beacon Path as a final safety net is essential. How does cyber insurance work in mitigating these risks? Are clients protected from financial losses even if they’ve taken steps to protect themselves?
Rhett Bray: They can be. It’s important to distinguish between reducing risks and transferring the cost. Our role in insurance is to transfer the inherent risk. Despite having an IT department or company, they can’t guarantee a breach won’t happen. That’s where cyber insurance comes in, to handle the aftermath like data retrieval, customer issues, and third-party lawsuits.
Kameron Kennemer: Like the car analogy, we can provide good brakes, tires, and airbags for IT security, but we can’t promise an accident won’t happen.
Rhett Bray: Exactly. A good mechanic can maintain your car, but they can’t help you in an accident. That’s the role of insurance.
Common Misunderstandings About Cyber Insurance
Kameron Kennemer: Discussing the common misconceptions and challenges businesses face in understanding cyber insurance.
Rhett Bray: Many businesses adopt a mindset of “it won’t happen to us,” similar to never experiencing a fire or an accident. They view cyber insurance as a cost rather than an investment. The key is to align their insurance with their business goals and protect their long-term interests. Cyber insurance is often seen as optional and not a budget necessity, leading to underestimation of its importance.
Business owners might perceive insurance brokers as merely salespeople, but our role is to safeguard their business and facilitate growth. It’s crucial to educate them on their exposures and the potential impact of cyber incidents. Unfortunately, the realization of its importance often comes too late, after a breach has occurred.
Today’s threats don’t just come through physical entry points; they infiltrate through digital channels like desktops, laptops, and often overlooked, mobile phones. The modern business environment has multiplied the avenues for cyber attacks, making comprehensive protection more vital than ever.
Positive Impacts of Cyber Insurance and Eligibility Criteria
Kameron Kennemer: Rhett, can you share some positive stories about cyber insurance? We’ve heard the scary ones, but what about the cases where it really made a difference?
Rhett Bray: Absolutely, Kameron. Let me tell you about two of our small business clients. They experienced breaches and immediately notified their clients as required. Thankfully, their cyber insurance provided guidance and legal support. It’s not just about the financial aspect; it’s the expert assistance in managing the crisis. They were able to contain the breach quickly, communicate transparently with their clients, and start the recovery process. It’s a tough situation, notifying everyone about the breach, but it’s necessary, and having cyber insurance really helps manage that.
Kameron Kennemer: That’s very reassuring. What do insurance companies usually look for when assessing a business for cyber insurance?
Rhett Bray: Good question. There’s a kind of checklist or survey they use to gauge your cybersecurity health. They’ll ask about:
-
- Employee training: How frequent and effective it is.
-
- Email security: Measures for quarantining and screening emails.
-
- Password policies: The robustness of password management.
-
- Data backup practices: Ensuring secure offsite backups.
-
- Access control measures: Limiting data access based on employee roles.
These areas give them a sense of your readiness and where you might need to shore up defenses.
Preparing Businesses for Cyber Insurance Eligibility
Kameron Kennemer: How can businesses, especially those unfamiliar with cybersecurity concepts, prepare to qualify for cyber insurance? What steps should they take if they’re unsure about things like offsite data backups?
Rhett Bray: The first step is to consult with cybersecurity professionals. Businesses often struggle with the technical jargon and concepts in cybersecurity. It’s not just about knowing the words; it’s about understanding their implications and applications. Businesses should reach out to companies like yours, Kameron, to begin from ground zero. They need to admit what they don’t know and seek help.
For businesses, it’s essential to conduct an initial assessment to understand their current cybersecurity posture. This process can identify what they have in place, what they know, and what gaps exist. From there, cybersecurity experts can build the necessary safeguards and continuously monitor and control them. It’s not just about building a fence; it’s about ensuring ongoing security management.
Investing in cybersecurity is a trade-off. Allocating resources to protect against potential financial hardships due to cyber incidents is crucial. This investment can save a business from draining its funds meant for other critical operations like R&D or expansion. Transferring risk through cyber insurance is part of this strategy.
Businesses should start by engaging with cybersecurity firms, attending educational webinars, and having someone in their team get educated and report back on the necessary steps. This proactive approach is essential for understanding and addressing cybersecurity needs effectively.
Key Advice on Addressing Cyber Threats
Kameron Kennemer: What advice would you give business owners about these emerging cyber threats and cyber insurance?
Rhett Bray: The most important thing is to find a good partner, not just a vendor. It’s crucial to understand your business, its goals, and identify the risks. Having a partner for open and honest conversations about these risks is key. Every business, regardless of size, faces cyber threats, and it’s important to be prepared.
Understanding Your Policy and Final Thoughts
Kameron Kennemer: Any final thoughts or advice before we conclude?
Rhett Bray: One crucial point is the importance of understanding your insurance policy. Know exactly what is covered and, importantly, what is not. Be aware of any gaps in your policy to ensure you’re not left unprotected. It’s essential to have a policy that truly covers your needs.
Kameron Kennemer: Wrapping up, thanks to Rhett Bray for his insights. Encouraging our listeners to stay engaged with the IT Curio podcast.
Uonclusion
As we wrap up this insightful discussion, remember that cybersecurity is an ongoing journey. By staying informed, vigilant, and prepared, we can navigate the digital landscape with confidence. Secure your business’s future by starting with out FREE SecureBiz training today.
Visit ITcurio SecureBiz Training for more information and to enroll. Let’s take this important step together towards a safer and more secure digital environment for our businesses.
Stay safe, stay curious, and keep learning with IT Curio.