This is an absolutely wrong assumption. As cyber-crime has increased in frequency and intensity, the insurance industry has adjusted accordingly over the last several years. Insurance companies now write security requirements into their policies, and those requirements must be in place for the policy to apply.
Most insurance companies require security protections to be in place similar to the CIS Controls or the NIST Cybersecurity Framework.
If you can’t prove you have taken the required steps to protect your data, and you get hacked, the insurance company will not pay the claim. If you falsely claim on your insurance application that you have specific security requirements in place (whether intentionally or by simple mistake) and you are attacked, the forensic analysis of the attack will reveal the truth. If there are inconsistencies between the application and the forensic findings, the claim will be denied and damages will not be paid out.
What to do? Review your insurance policy with us to make sure the proper security requirements are in place and documented.
If you are stuck or you just don’t know where to start, please give us a call at 951-319-4080. We will help uncover what you need to know about your IT system and recommend the appropriate steps to get your business data protected before a cyber-criminal attacks.