Cybersecurity Insurance The advantages and disadvantages of investing in a cybersecurity insurance policy
We all know that K-12 school districts are a target of cybercriminals, and that a cyberattack can disrupt instruction, lead to bad press and can be costly to mitigate. That is why experts recommend investing in a comprehensive cybersecurity insurance policy. A well-drafted policy should include protections for financial losses, recovery expenses, and liability costs. “An effective policy should cover all threats from ransomware to social engineering attacks to insider threats.” Review a policy carefully to ensure the policy does not contain “exclusions you expect to be covered” and that the policy addresses K-12 specific threats and risks. Having a cybersecurity insurance policy can help an organization rebound from a cyber-incident “more quickly and at a lower cost.” Policies that are more “modern” may also include additional services such as risk assessment and training. Lastly, cybersecurity insurance policies can provide a “safety net” as your organization is developing security programs while “providing access to funds and special services in the event of an incident.” While we still recommend having a stand- alone cybersecurity insurance policy, there are some caveats to bear in mind. Like any insurance policy we invest in, you may pay high premiums and never file a claim. You will want to avoid policies that are too complicated or confusing as well as policies
“An effective policy should cover all threats from ransomware to social engineering attacks to insider threats.”
that are “bundled with other commercial policies.” Also, try to ensure your policy does not contain too many exclusions and doesn’t set “inappropriate limits” to cover an incident. While holding a cybersecurity insurance policy may “encourage” cybercriminals hoping you will use the insurance to pay the ransom, investing in policies that incorporate ransomware payments is not a best practice recommendation. Look for insurance companies that support organization recovery attempts and discourage agreeing to ransom demands. Even if you manage to get the best cybersecurity insurance policy out there for your district, you still want to implement strong cybersecurity and recovery programs to defend against cyberattacks. Click here to learn more about cybersecurity
Data Privacy & Security Service, Issue 22
Page 4
Made with FlippingBook - Online catalogs