Have you insured your company’s information security?
Companies usually have their fire walls and antivirus software in order, but shortcomings of policies and processes as well as actions of company personnel may leave systems vulnerable.
The importance of information security insurance policies is ever-growing. One could say that information security insurance has become mandatory in today’s business world.
This is particularly true for industries that use information systems – in other words, all industries. At the very least, most companies maintain a digital client register.
Cyber crime is on the increase
The number of criminal cases related to information security has also increased for many years now. Normal small and medium-sized companies in Finland are common targets of cyber attacks. Cyber crime is often a highly developed criminal activity.
Sometimes, cyber criminals have large sums of money at their disposal and they are ready to make major efforts to commit a successful crime. Common motives behind cyber crimes include economic interest and political, military or ideological reasons.
Why information security insurance?
Digitalisation has made the confidentiality of data stored in companies’ information systems more important. At the same time, crime against information systems is becoming increasingly common.
More and more companies’ business operations are fully dependent on information systems. Information security incidents may cause not only serious business consequences but also substantial reputational damage.
The General Data Protection Regulation (GDPR) made processing clients’ personal data more strict in 2018. Data controllers are obliged to inform data subjects and relevant authorities of data security breaches immediately.
Companies can incur significant costs from the investigation of information security incidents, restoration of data and wiping of information systems.
What does information security insurance cover?
Information security insurance covers economic losses caused by e.g.
- damage to information systems
- data thefts
- human errors
- DoS attacks.
A company’s information system means the information systems, data and software owned and administrated by the company.
Unfortunately, the weakest link in a company’s information security tends to be human factors. In other words, employees. Information security insurance also covers damage caused by human errors.
The insurance coverage can be extended to cover damage incurred by the company from services outsourced to other IT service providers. Many companies have outsourced their customer relationship management (CRM) system or website administration to another company.
Information security insurance is based on risk assessment
Information security insurance policies are traditionally customised to each company’s needs, which is why the competitive procurement of an information security insurance policy requires a lot of groundwork. Usually, companies are required to fulfil long and complicated survey forms to take out information security insurance, which can be time-consuming.
Söderberg & Partners as insurance broker has negotiated and organised a tender competition for an insurance product that is excellent for its small and medium-sized client companies. We offer this solution to companies operating in specific industries. The price of the policy is impacted by the company’s industry and revenue.
In order to be eligible for the solution, the company must meet the minimum business activity and information security requirements set by the insurance company. The process is much faster and easier than the usual information security insurance procurement process.
We are also happy to procure a suitable insurance policy for companies that are not eligible for the pre-negotiated portfolio solution. We work with insurance companies from all around the world. The market for information security insurance policies is fluctuating and ever-changing, which is why we highly recommend expert services for competitive insurance procurement.