RIA Compliance and Practice Management Blog

Cybersecurity Insurance Best Practices for Registered Investment Advisers

Posted by RIA in a Box

Jun 22, 2020 3:52:35 PM

This is a guest post from ProWriters Insurance. 

Cyber insurance offers an important service to registered investment adviser ("RIA") firms that often remains underrated. Should they suffer a cyber attack, many small-to-midsize businesses are at risk of devastating consequences without the proper cyber coverage in place. In a society that relies so heavily on technology, a cyber attack or security breach has become all but unavoidable. Helping you find the best possible coverage is an important investment in your financial security.

Focus on these cyber insurance best practices when obtaining coverage to help reduce risks for your RIA firm:

1.   Educate Yourself

Insureds who understand their exposures, how to protect themselves, and how different insurance policies afford coverage will face less risk and make themselves more insurable. Many companies don’t understand what cyber exposures they face. If they utilize technology in any of their business practices, they need coverage. Here’s what they need to know:

•   Potential Exposure and Risk

Many small business owners don’t have cyber insurance because they simply don’t understand the consequences they could be facing. Do you process online payments? Do you collect personally identifiable information (PII) or hold client financial records? If so, you could be at serious risk. Even if you just use technology, you are at a large risk of ransomware. It’s important to consider your specific business practices in order to determine what could potentially be exposed and what type of coverage is needed to protect that exposure.

In addition to purchasing a cyber insurance policy, make sure you’re up to date on the latest cyber security practices in order to have a robust cyber security posture. Focusing on cyber security education in company culture is key in identifying constantly evolving threats.

•   Rules and Regulations

Cyber is complicated, and the rules and regulations that must be followed to make sure you are appropriately handling all collected data are among its most complicated aspects. Failure to comply with these regulations can result in fines and penalties from a variety of state or federal regulators. You need to make sure you are familiar with a number of compliance measures, including:

a.   PCI-DSS (Payment Card Industry Data Security Standards)

Level 1: More than six million Visa/Mastercard transactions per year
Level 2: Between one and six million transactions per year
Level 3: Between 20,000 and one million eCommerce transactions per year
Level 4: Fewer than 20,000 eCommerce transactions or up to one million storefront transactions per year

b.   HIPAA Privacy and Security Rules

The Health Insurance Portability and Accountability Act mandates rules and regulations designed to protect consumers’ health care data.

c.   GDPR

The General Data Protection Regulation consists of rules and regulations regarding personal data for companies in every country that handle data from EU residents. Its fines and penalties are globally known for their aggressiveness.

d.   State Data Breach Notification Laws

Staying current on all data breach notification laws on a state-by-state basis can be challenging as there can be important differences. As cyber attacks continue to rise, states are forced to respond quickly and potentially change statutes accordingly, which makes constant compliance difficult.

•   Financial and Reputational Damages

If you knew the full potential of the costs you could be facing, you wouldn’t go another day uninsured. These attacks can cost hundreds of thousands of dollars for even small businesses and won’t go away immediately. The financial and reputational impact of a cyber event can last for years, forcing many small businesses to fold. 

2.   Utilize Efficient Processes

Cyber insurance can be complicated, but finding the right policy doesn’t have to be. Using an insurance comparison tool can save you time and make the process seamless. This comparison tool with Assetsure will allow you to compare multiple quotes in minutes and an independent broker from Assetsure will reach out to discuss the differences in carriers and coverage to find you the right policy.

• There’s no further need to enter a risk into the portal five, six, or seven times. With a cyber insurance comparison tool, compare multiple insurance quotes from multiple carriers in just minutes.

• With the option of so many different cyber insurance companies, ProWriters and Assetsure can outline which market is the best option, which may vary for each risk.

3.   Rely on the Experts

Cyber insurance is a complex and volatile industry as cyber threats evolve every day with new forms of attacks. In response, policies, statutes, and insurance coverages are rapidly changing to keep up with these threats, making it difficult for business owners to ensure compliance. In this complicated industry, it’s important to enlist an expert with quality industry experience to make sure you’re up to date and complying with all cyber-related policies.

To get started on protecting yourself against cyber risk, click here to download a cyber insurance checklist to make sure you’re headed in the right direction.


Topics: RIA Operations, RIA Compliance, RIA Technology

RIA in a Box LLC is not a law firm, investment advisory firm, or CPA firm. RIA in a Box LLC does not provide legal advice or opinions to any party or client. You should always consult your relevant regulatory authorities or legal counsel if applicable.
