Risk Insider: David Lewison

5 Tools to Help Risk Managers Before a Cyber Loss

By: | December 18, 2014

David Lewison is co-leader of the AmWINS Financial Services National Practice, which includes cyber liability and other types of management and professional liability. He can be reached at [email protected].

Risk management professionals in health care have to be both paranoid and hyper-diligent because organizations in that sector face threats from multiple fronts that can put them out of business.

Every patient is potentially a plaintiff.  Regulators are reviewing a lengthy list of concerns, including employee safety, employment practices, patient safety, patient privacy, facility safety, Medicare billing, environmental impact and tax status.

There have been a myriad of articles outlining the benefits of cyber liability Insurance after a data breach.  While most people know that cyber liability insurance pays for claims following a loss, many overlook the benefits for risk managers prior to a breach and even in absence of a data breach.

Here are five pre-breach benefits provided by leading insurers and their partner vendors that may reduce the potential for a breach as well as possibly reduce the damages.

1. Compliance training.

Some insurers provide customized web-portal delivered training to employees regarding the handling of personally identifiable information (PII) and personal health information (PHI).

One way risk managers can improve their organization’s cyber liability risk profile is to train their employees how to properly handle private information.  Privacy attorneys will tell you that their discussions with regulators are far more pleasant when they can quickly demonstrate that an honest mistake was made by well-trained employees rather than negligence or indifference.

2. Test your network.

Insurers have partnered with well-known security firms to help assess the strength of an organization’s network security.  This shouldn’t be viewed as a threat to the competence of an IT department, but rather an additional assessment that doesn’t deplete an IT budget.

3. Manage risk.

Most insurers offer risk management content from highly specialized vendors on a web portal specifically for the use of the insurance buyer.  These portals typically contain sample privacy policies for websites and employee handbooks, data breach examples, loss calculation tools, risk management tips, news articles and claim contact information.

4. Call an expert.

Some insurers will provide access to both legal and IT professionals to ask questions about incidents that may or may not constitute a breach.  The lawyers help understand the various state and federal regulations and what needs to be reported.

5. Develop a breach response plan.

Included with the cyber liability insurance policy, risk managers will often find a roadmap of what to expect in the event of a breach.  On that list they may find a “breach coach” that coordinates forensic security vendors, law firms, public relations professionals, insurance company claims contacts and more.

Sometimes you get what you pay, but in the case of cyber liability insurance policies, risk managers get an insurance product in addition to a host of services that help lower their risk profile.

When you’re ready to purchase cyber liability insurance, make sure you review the additional service offerings to be sure it includes these additional benefits.

More from Risk & Insurance