Whether you’re an employee or an employer, you’re likely affected by remote work perhaps more now than ever before. Remote work and hybrid work have become the norm because of the COVID-19 pandemic.
Along with that are often other changes. For example, you may be using your own device more than ever, or perhaps exclusively.
This creates advantages for you, particularly in convenience and being more productive if you’re already comfortable with the device.
At the same time, if you’re an employer and you’re thinking about the situation as it exists currently, you might wonder about the cybersecurity risks BYOD policies create and how you can mitigate them.
Cybersecurity insurance coverage is an increasingly popular option, and below is what you should know about how it relates to BYOD policies and remote work in general.
What Is Cyber Liability Insurance?
Cyber liability insurance covers data breaches, employee errors, and hacking. These scenarios might lead to data loss, monetary loss, regulatory breaches and compromise of your systems.
Insurance may cover the day-to-day costs of business interruption, investigation with a trained team, and data loss and recovery expenses. Cyber liability insurance can also cover extortion amounts, crisis and reputation management, and the cost of penalties from regulatory agencies.
Be Cautious of Exclusions
If you’re thinking about buying cyber insurance to protect your business, it’s essential to be highly aware and cautious when it comes to exclusions.
For example, some insurers limit exposure unless the infrastructure is owned or leased by the insurer.
What about bring-your-own-device (BYOD) environments?
There may be exclusions in a policy that limits coverage to infrastructure the company owns. If you have a remote employee using their own device and their actions lead to a cyberattack, there may not be coverage.
Some insurers understand the gap that exists in policies, and they’re stepping up to offer specific BYOD clauses, which might be worth looking for.
Shopping For Insurance in the Current environment
Some changes are happening in the cyber security industry because of the pandemic. First, there’s been a massive uptick in ransomware attacks. That’s meant insurance carriers had to pay out huge amounts of money to fulfill attackers’ demands. These costs don’t even include what insurers pay to help clients restore their systems.
These costs of cyber extortion have gone up so much underwriters and carriers are changing their business models in one or all of the following ways: they’re increasing requirements on the end of their clients, they’re significantly increasing premiums, or they’re ending the provision of cybersecurity insurance.
Some companies are finding their insurance premiums are going up drastically in this new environment.
If you’re considering buying cyber liability insurance right now, keep the following in mind:
- First, read the fine print very carefully. Again, if you have employees who use their own devices, you want to make sure that a policy covers them.
- Go ahead and budget for higher premiums when you’re choosing insurance. You might see as much as a 50% increase in premiums year-over-year, with no signs of that dying down anytime soon.
- Many insurers are requiring that their clients have appropriate cybersecurity policies and protocols in place. Even if your company doesn’t require that, you need these policies to be updated and well-documented. If you do have specific requirements in place that are relatively stringent, you may qualify for lower premiums, plus you’ll have a safer business.
- It’s an excellent time to shop around. Since the industry and cybersecurity, in general, are in a massive transitional period right now, you’re actually going to see big differences between how companies do things. This might include price, coverage amounts and conditions.
Regardless of what direction you go with cybersecurity insurance, you need to make sure that you’re covering your bases and protecting your network, data, and applications. It’s a good time to re-evaluate not just whether you have insurance and if so, what it covers.
It’s also an appropriate time to look at your larger strategies and make sure they’re conducive to what your work environment might look like right now.
Cybersecurity insurance is one part of the puzzle, but many other pieces are needed for a complete picture.
Do you have policies for BYOD? If so, how well-defined are they? Are your remote employees trained on cybersecurity and do they have the tools they need to do their job appropriately? What are the biggest risks and what particular strategy will help you best combat those right now in a changing business environment?