FDIC published some guidance today regarding Cyber Insurance and an aspect to your Risk Management efforts I have been discussing and recommending for several years now. Cyber Insurance isn’t a replacement for good IT Risk Management, risk policy and/or breach planning, but an additional tool that can assist in mitigating the potential impact of a cyber incident.
Ask yourself, how well am I positioned to respond to a breach? Do you know the laws in every state you have consumers impacted? Do you have the expertise to run a dedicated call/contact center program to address the volume of calls and inquiries you will receive? Do you know what is required by each State regarding notifications of breach? Most of us may have a formal plan, but how well has it been exercised if at all? Do you have a formal team and do they understand their specific roles when a breach occurs? Do you have internal counsel or outside counsel that is versed in cyber response? These are just a few questions you need to answer as you seek to understand your preparedness for what many consider an eventuality. Having a quality cyber insurance partner is essential to your risk management efforts and preparedness.