If you have not already done so, a proactive understanding and evaluation of the insurance coverage protecting your financial institution from data compromises, digital theft and extortion, and other cyber events is certainly warranted.
Consider the following analogy. If you have a car, chances are that you are required to carry a minimally prescribed insurance policy as dictated by your state’s motor vehicle laws. Typically, this is a policy written to protect anyone you might injure, property you might damage, or yourself while driving your car. It is likely a basic automotive insurance policy that does not cover your own automobile against damage. If you add comprehensive or collision coverage, you will have coverage for repairs to or replacement of your own vehicle if it is damaged, destroyed or stolen. As such, only a policy with comprehensive or collision coverage gives you, as a car owner, the peace of mind that if something bad happens to your car, you have limited loss exposure for your own vehicle.
Think of the customer data that you hold as an asset, with intrinsic value just like the car in the previous example. When your organization holds the risk for data loss, either from a breach that compromises the security of confidential data, or if an uninvited saboteur threatens, destroys or prevents you from accessing your data, isn’t insurance an effective risk and loss mitigation strategy? Of course it is. The key question is what are the right policy types and coverage? As the article subtitle implies, it may be too late to understand and verify your coverage after an event has occurred.