- cyber insurance
IT admins are the key to obtaining cyber insurance
IT administrators already play a big role in maintaining smooth day-to-day operations. But they’re also indispensable for companies seeking cyber insurance coverage. Why?
- IT administrators play a key role when companies prepare to obtain or renew cyber insurance policies.
- Their expertise is particularly crucial when assessing current IT security risks, implementing security measures and documenting practices in the event of a claim.
- IT administrators also play a central advisory role when communicating with insurers.
This is part 1 of a two-part article about cyber insurance. Part 1 focuses on the key role that IT admins play when companies obtain coverage. Part 2 will focus on the responsibilities of CISOs and CFOs.
The growing importance of cybersecurity has significantly shaped the role of IT administrators in recent years. Their expertise makes them key players when it comes to evaluating and obtaining suitable cyber insurance policies. In order to meet the very complex requirements of cyber insurance and obtain appropriate and affordable coverage, companies must be well positioned in four core areas:
- Assessment of current IT security practices and risks
- Development and implementation of required security measures
- Documentation and compliance to fulfill insurance requirements
- Communication with cyber insurers
IT administrators play a central role in those four core areas. In the event of a claim, compensation will depend on how well companies and their IT teams demonstrate that security measures defined in the insurance contract are in place.
IT administrators have the most reliable knowledge of their company’s existing hardware, software and network structures, as well as security practices and risks. They know how vulnerabilities can be identified and which specific IT security measures are needed. That information is a prerequisite for being able to obtain favorable insurance terms, conditions and costs. If you use the baramundi Management Suite, for example, the inventory function provides a comprehensive overview of all security-related IT assets. That degree of network transparency is particularly important during the insurer’s evaluation process.
IT administrators are responsible for developing and implementing tailor-made security guidelines. Only when security routines comprehensively address existing risks can reliable measures protect the company from the growing threat of cyberattacks. If companies also invest in proactive risk management involving systematic analyses and appropriate mitigation strategies, they can be in a stronger position when applying for coverage. Reliable risk management will also become increasingly important as new IT security regulations such as the EU’s NIS2 Directive take effect.
Documenting existing IT security measures helps cyber insurers accurately assess a company’s current and potential risk exposure. In the event of a claim, companies must provide accurate records to prove that all compliance requirements have been met and ensure that damage and remediation costs are covered. IT administrators need to provide this evidence. Automation tools make that much easier by generating detailed documentation of IT practices such as vulnerability scanning and update management.
IT administrators’ comprehensive understanding of existing infrastructure and security risks makes them invaluable sources of information and advice to top decision-makers
when working with insurers. They can also assess whether the final insurance policy is on the most favorable terms possible and adequately covers potential risks. Company
management should involve them at every step of the decision-making process.
Part 2 describing the responsibilities of CISOs and CFOs when preparing to obtain cyber insurance will follow soon. So stay tuned!
Act now and protect your company against cyber risks. Use our expert knowledge of IT and cyber insurance and follow the most important steps in our practical checklist.