Preparing for FTC Compliance: The Cyber Security Ecosystem
Far North Insurance


Updated: Feb 21


In today's digital age, the importance of cyber insurance cannot be overstated. Businesses in Fargo, North Dakota, and those everywhere else, face an increasing risk of cyber threats. Cyber insurance plays a crucial role in mitigating these risks, offering financial security against damage caused by cyber incidents, including expenses for investigations, credit monitoring services, and potential legal responsibilities(1).

 

This…would typically be an introduction you see on any given website at any given time. But I’m not your generalist insurance agent adding on a cyber policy because…well just because someone asked for it.

 

 Let’s break down how it really works. When you think of cyber, think of your data and your money (first party). When you think of someone else’s data and someone else’s money, that’s third-party.

 

So, where exactly does cyber insurance fit into your cyber security ecosystem?

 

As an organization, if you handle your business with any connection to a network, there is risk involved. Questions to ask yourself regarding your organization:

 

  • Is email a source of communication?

  • Do mobile phones have access to company information?

  • Processing of any payments?

  • Exposure to any non-public information?

  • Involvement in wire transfers?

 

Some more obvious than others, but you get the idea. Now here’s the real kicker – as this risk continues to grow, there will be more involvement in regulation across the cyber security market. We’re going to look at one of those frameworks today, the FTC Safeguards Rule.

 

FTC Safeguards Rule

 

The FTC Safeguards Rule requires covered financial institutions to develop, implement, and maintain an information security program. This rule applies to financial institutions subject to the FTC’s jurisdiction. The Safeguards Rule took effect in 2003, but after public comment, the FTC amended it in 2021 to ensure the Rule keeps pace with current technology.

 

These requirements align with other cybersecurity frameworks today, such as NIST, ISO 27002, or CIS controls that provide guidelines for organizations to mitigate risk. Under the FTC regulation, your security program not only needs to align with the FTC's framework, which is summarized on the Federal Trade Commission website(5), but it needs to be documented as well.

  

Upcoming FTC Compliance Requirements

 

Recent amendments to the Safeguards Rule require non-banking financial institutions to report data security breaches. The deadline for complying with some of the updated requirements of the Safeguards Rule is now June 9, 2023. These new requirements have significant implications for businesses, especially those dealing with sensitive customer information.

 

Curious to know what defines these non-banking financial institutions? There is a great resource through the Code of Federal Regulations(7) that can be referenced below. To summarize, per the FTC website(2), the definition “includes mortgage lenders, payday lenders, finance companies, mortgage brokers, account servicers, check cashers, wire transferors, collection agencies, credit counselors and other financial advisors, tax preparation firms, non-federally insured credit unions, and investment advisors that aren’t required to register with the SEC.”

 

Tied Together

 

Where does cyber insurance come into play? Through complying with frameworks, insurers are more likely to view the cyber security posture of an organization as strong. This allows agents, like me, to negotiate on your behalf. Organizations could see a drop in premium or more favorable terms in their policy.

 

My goal is to help SMB and middle market accounts mitigate cyber security vulnerabilities and be rewarded for those investments. In some cases, by becoming compliant with frameworks like the FTC Safeguards, organizations can offset the cost with savings in premiums and even put money back in their pocket.

 

In short…framework compliance = leverage to reduce premium + better protect your organization against cyber events.

 

Cyber Insurance in Fargo

 

In Fargo, cyber insurance policies are readily available and affordable. I am an agent who is certified as a cyber insurance specialist and in risk management. I work with SMB and middle market accounts on improving their overall cyber security posture. With the upcoming FTC compliance requirements, it is more crucial than ever for businesses to consult with their insurance agents to find a cyber insurance policy that best fits their needs.

 

My name is Jake Nystrom, and I can be reached at 701-237-6651. There is a lot to unpack here, with regulations and frameworks expanding far beyond what was touched on. For more, tune back in; we will start to uncover how to crosswalk frameworks to your security controls.

 

In the meantime, couldn’t hurt to talk.


 

 

References:
