Should I consider Cybersecurity Insurance for my RIA firm?

Cyber insurance offers an important service to registered investment adviser ("RIA") firms that often remains underrated.

Focus on these cyber insurance best practices when obtaining coverage to help reduce risks for your RIA firm:

1.   Educate Yourself

Insureds who understand their exposures, how to protect themselves, and how different insurance policies afford coverage will face less risk and make themselves more insurable. Many companies don’t understand what cyber exposures they face. If they utilize technology in any of their business practices, they need coverage. Here’s what they need to know:
• Potential Exposure and Risk

Many small business owners don’t have cyber insurance because they simply don’t understand the consequences they could be facing. Do you process online payments? Do you collect personally identifiable information (PII) or hold client financial records? Even if you just use technology you are at a large risk of ransomware.  If so, you could be at serious risk. It’s important to consider your specific business practices in order to determine what could potentially be exposed and what type of coverage is needed to protect that exposure. 

In addition to purchasing a cyber insurance policy, make sure you’re up to date on the latest cyber security practices in order to have a robust cyber security posture. Focusing on cyber security education in company culture is key in identifying constantly evolving threats.

•   Rules and Regulations

Cyber is complicated and the rules and regulations that must be followed in order to make sure you are appropriately handling all collected data are one of the most complicated aspects. Failure to comply with these regulations can result in fines and penalties from a variety of state or federal regulators. You need to make sure you are familiar with a number of compliance measures, including:

a.   PCI-DSS (Payment Card Industry Data Security Standards)
 Level 1: More than six million Visa/Mastercard transactions per year
 Level 2: Between one and six million transactions per year
 Level 3: Between 20,000 and one million eCommerce transactions per year

 Level 4: Fewer than 20,000 eCommerce transaction or up to one million storefront transactions     per year

b.   HIPPA Privacy and Security Rules

 The Health Insurance Portability and Accountability Act mandates rules and regulations     designed to protect consumers’ health care data. 

c.   GDPR

The General Data Protection Regulation consists of rules and regulations regarding personal data for companies in every country that handles data from EU-residents. These fines and penalties are globally known for their aggressiveness.

d.   State Data Breach Notification Laws

Staying current on all data breach notification laws on a state-by-state basis can be challenging as there can be important differences. As cyber attacks continue to rise, states are forced to respond quickly and potentially change statutes accordingly, which makes constant compliance difficult.

•   Financial and Reputational Damages

If you knew the full potential of the costs you could be facing, you wouldn’t go another day uninsured. These attacks can cost hundreds of thousands of dollars for even small businesses and won’t go away immediately. The financial and reputational impact of a cyber event can last for years, forcing many small businesses to fold. 

2.   Utilize Efficient Processes

Cyber insurance can be complicated, but finding the right policy doesn’t have to be. Using an insurance comparison tool can save you time and make the process seamless. This comparison tool with Assetsure will allow you to compare multiple quotes in minutes and an independent broker from Assetsure will reach out to discuss the differences in carriers and coverage to find you the right policy.

• There’s no further need to enter a risk into the portal five, six, or seven times. With a cyber insurance comparison tool, compare multiple insurance quotes from multiple carriers in just minutes.

• With the option of so many different cyber insurance companies, ProWriters and Assetsure can outline which market is the best option, which may vary for each risk.

3.   Rely on the Experts

Cyber insurance is a complex and volatile industry as cyber threats evolve every day with new forms of attacks. In response, policies, statutes, and insurance coverages are rapidly changing to keep up with these threats, making it difficult for business owners to ensure compliance. In this complicated industry, it’s important to enlist an expert with quality industry experience to make sure you’re up to date and complying with all cyber-related policies.

This is a guest post from ProWriters Insurance. Learn more about ProWriters here.