Key Takeaways
- Almost every business needs cyber liability coverage due to the risks of data breaches and hacking.
- Data backups are essential to mitigate financial losses from cyberattacks, impacting insurance premiums and claims.
- Insurance companies expect regular backups, offsite storage, encryption, tested recovery procedures, and documented policies.
- Following the 3-2-1 rule ensures effective data backup: keep 3 copies on 2 different media, with 1 offsite copy.
- A robust backup plan not only safeguards against cyber threats but also fulfills insurance requirements for optimal coverage.
Nearly any business that is operating today has at least some kind of online presence. This online presence often includes collecting client data and taking payments through a website or payment links. This means that almost any business is going to need cyber liability coverage.
If your website or payment link is hacked and customer data is stolen, you need to be able to protect your business from the fallout and work to make things right with the impacted customers. This is a complex process and not something that you should seek to work through alone.
Let’s take a look at the ways that you need to protect your business beyond getting a quality cyber liability coverage plan. Your insurance company will be looking at your data backups when they quote you prices for your coverage, so you will want to have this valuable business process in place before you get quotes for a new policy.
Why Does Your Insurance Care About Data Backups?
It might seem strange that your insurance company would care about your data backup process. You probably reason that your data backups are only important to your company and not to your insurance company or your policy.
However, data backups are critical when it comes to some of the most expensive and difficult hacking situations that can impact your business. IBM reported that the average cost of a data breach from a ransomware attack was $4.44 million. No business can afford to handle this kind of situation without insurance.
If you do not have a data backup in place to protect your company’s critical operational systems, a ransomware attack could put you out of business instantly. This is why backups impact your premiums and are also sometimes at the heart of securing coverage for your business.
You need to know what a quality data backup protocol looks like so that you can have one in place to keep your business safe at all times. Let’s talk about what data backups look like and how to protect your business the smart way.
What Does Your Insurance Company Expect From Your Backup Plan?
1. Regular Backups
You need to be backing up your data at least once a day, but most companies these days back up their data every hour.
2. Offsite Data or Cloud Storage
When you are hacked, your entire system can go down. This means that your backup data has to be stored off-site or in the cloud so that it remains accessible.
3. Encryption and Access Controls
You will have to encrypt your data backup for it to be secure. Password protection is essential, and encryption is the added layer of security that most insurance companies are looking for.
4. Recovery Procedures That Have Been Tested
Just assuming that you can do a recovery if you are hacked is not enough. You need to practice the failover and recovery process periodically to be sure that it works and that your staff knows how to enact this procedure if needed.
5. Documentation About Backup Policy
You should always document what your backup policy is and track when backups take place. This is just as critical as having the process itself. Accountability matters when it comes to backups.
Building a Backup Plan That Actually Works
· Classify Your Data
Not all of your data will be the same. You need to have your mission-critical data at the forefront of your backup plans. This includes financial records and accounting information. You will also need to consider customer and vendor information, contracts, licenses, permits, and payroll data as mission-critical. Be sure that product or service dashboards are backed up as well.
· Pick a Backup Method
Backups can be done via cloud storage that is stored off-site, through external drives that are also stored in another location, or network-attached storage, which is ideal for smaller businesses that need local control.
Your insurance company will not tell you that you have to use one over the other of these options, but you do need to show that you have a backup method in place.
· Use the 3-2-1 Rule
This is a classic IT method of backing up data. You will want to store 3 copies of all of your data on 2 different storage media, with 1 copy stored off-site.
This process allows you to protect your data in multiple ways and makes restoration after an attack so much easier.
· Schedule Automations
Automations are possible throughout the entirety of your backup plan these days. Use automation intelligently to save time and to make sure that backups are not forgotten.
· Test Your Restorations Regularly
It is a good idea to check that your automated backups are happening as they should. Be sure that you are regularly testing your backup process and making certain that you have the storage in place that you think that you do.
What Happens if You Choose Not to Back Up Your Data
When you do not have a backup plan in place for your business, you can face a bunch of different problems with your insurance, as well as find yourself unable to restore your data without paying a huge ransom.
You might be denied your claims or receive a reduced payout for the cyberattack claim you placed. You might see your premiums go up at renewal, and you could also be required to submit to a remediation plan before you can be insured again.
There are some insurance companies that will not insure you at all if you do not have a backup plan in place for your business.
As a real-world example, imagine a small e-commerce business that is hit by a ransomware attack. All of their essential business functions are locked out unless they pay the ransom. They do not have a robust backup plan and are only able to partially restore their business operations without paying the ransom.
Their insurance company only pays out on part of their claim due to their lack of preparation and backup protocols. This means that they have to pay out of pocket to get back on their feet, and they do not get support with all of the essential notifications that need to be sent out to impacted customers. They are not able to sell products to customers for more than three weeks, and customers lose faith in their brand and move on to other retailers.
Having a backup plan makes all the difference when a cyberattack occurs. You cannot afford to risk this kind of outcome for your business, no matter how big or small it is.
Cyber Liability Coverage is Impacted By Your Data Backup Plan
Now that you know more about the importance of a backup plan for your business data, you should be aware that most insurance policies will require the following, including your backup protocols:
· Employee cybersecurity training
· Endpoint security, such as firewalls and antivirus scans
· Encryption for all business essentials
· Regular data backups of all of your mission-critical data
It’s important to know that these things are typically required by insurance companies, but you should already have these protocols in place to protect your business. There is no reason to take chances that you will lose everything due to a single cyberattack. These kinds of threats are increasingly common these days, and you cannot afford to be casual about protecting your business from them.
The Gold Standard For Backup and Disaster Recovery
If you really want to be able to save on your insurance rates and keep your company safe from cyber threats, you need to know what the gold standard for a cyberattack recovery plan looks like.
This plan allows you to restore functionality and access quickly after an attack, and it frees you from negotiating with the attackers.
1. Automatic backups to both local and cloud storage run routinely, ideally hourly.
2. You monitor for backup failures at all times.
3. You use encryption and versioning to protect your backups and your company data.
4. You have recovery time objectives (RTOs) and recovery point objectives (RPOs) in place for your backup plans.
It is always more expensive to protect your business properly…that is, until you are hacked and you cannot recover your business data.
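The 3-2-1 rule and the gold-standard items above (failure monitoring, encryption, a recovery point objective) can be checked automatically against a backup catalog. The following is an added example, not part of the original article; the `Copy` record, the `audit` function, the sample catalog and the choice to count only copies that are fresh within the RPO toward 3-2-1 are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Copy:
    name: str
    medium: str             # e.g. "disk", "nas", "object-storage"
    offsite: bool
    encrypted: bool
    last_success: datetime  # last backup job that completed without error

def audit(copies, now, rpo):
    """Return a list of findings; an empty list means the catalog passes."""
    findings = []
    # Monitoring: a copy older than the RPO cannot meet the recovery point.
    fresh = [c for c in copies if now - c.last_success <= rpo]
    for c in copies:
        if c not in fresh:
            age = now - c.last_success
            findings.append(f"{c.name}: last success {age} ago exceeds RPO {rpo}")
        if not c.encrypted:
            findings.append(f"{c.name}: not encrypted")
    # 3-2-1 on fresh copies only (assumption: a stale copy does not count).
    if len(fresh) < 3:
        findings.append(f"3-2-1: {len(fresh)} fresh copies, need 3")
    if len({c.medium for c in fresh}) < 2:
        findings.append("3-2-1: fresh copies are on fewer than 2 media")
    if not any(c.offsite for c in fresh):
        findings.append("3-2-1: no fresh off-site copy")
    return findings

# Constructed sample catalog: the cloud copy silently stopped 9 hours ago.
NOW = datetime(2025, 1, 15, 12, 0)
RPO = timedelta(hours=1)
CATALOG = [
    Copy("production", "disk", False, True, NOW),
    Copy("office-nas", "nas", False, True, NOW - timedelta(minutes=40)),
    Copy("cloud-bucket", "object-storage", True, False, NOW - timedelta(hours=9)),
]

if __name__ == "__main__":
    for finding in audit(CATALOG, NOW, RPO):
        print("FAIL", finding)
```

On paper the sample catalog has 3 copies on 3 media with 1 off-site, yet it fails the audit because the only off-site copy is stale and unencrypted.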
Things to Remember
You should know that insurance companies always expect you to have data backups in place and to use encryption for your business data protection. You will need to use off-site storage so that an attack cannot lock you out of your data unless you pay a ransom. You will need to test your backup process on a routine basis to be sure that it is effective.
We can help you to get the cyber liability plan that you need to keep your business safe if the worst should come to pass. While no company plans to be hacked by a bad actor online, these things are increasingly common. Be sure that you are not setting your business up for failure and exposing your clients and vendors to cyberattack through your website or business platforms. Having a quality data backup plan in place to protect your company is key, and doubling down with a good insurance plan is a must.











