I’ve had two clients in two weeks present to us, as part of an assessment, an incident response plan template provided to them as part of the documents their cyber liability insurer provided them along with their policy. Neither client had done anything with the template, yet both presented it as proof that they did indeed have an incident response plan.
Incidents that are handled on the fly without any prepared plan can be a magnitude more costly than those that are managed through a prepared plan. For that reason, I think it is a good thing that the insurance companies have provided a template that provides structures for a plan. It is good for the client, the insurer and everyone else involved.
My concern is neither client felt compelled to do anything with the templates that were provided. In the heat of the moment following an incident they are going to manage things on the fly. Will that impact their coverage?
Both clients thought that the template was the plan and didn’t realize that it needed additional attention to be completed.
So beyond saying incident response plans are good and templates that are not completed are bad, I’ve got more curiosity than conclusion. Some questions for discussion:
- Have you invested in cyberliability insurance as part of your risk management strategy? Are you doing what is necessary to meet the requirements of your insurer to have coverage in the event of an incident?
- Did you get an incident response plan template or any other security operations templates along with your coverage? Is coverage incumbent on those templates being complete and used? Did you complete them?
I would welcome a conversation with you about the role cyberliability insurance plays in your risk management program including a discussion of your answers to my questions above.