The Preliminary NIST Cybersecurity Framework (NIST CF) is currently available for everyone to read, digest, and improve. On October 29, 2013, NIST announced a 45-day public comment period on the preliminary Framework in the Federal Register. The NIST CF, like other frameworks out there, is to be used as a guide or reference point for companies building a Cybersecurity program.
Over the last year, experts have gathered in panels and workshops to discuss what impact the framework will have on Cyber Insurance. While folks like Tom Finan, of DHS, expressed ideas on what may come, many questions surrounding the topic still need to be answered. For example, if a company follows the framework, what exactly will be covered by their insurance plan? And can Cyber Insurance companies handle a cyber event equivalent in scope and scale to a Superstorm Sandy?
Despite the many unanswered questions, the panels and workshops made one thing very clear: If your organization wants Cyber Insurance, regardless of what framework you adopt, be prepared to prove that you have all of your “Cybersecurity ducks” in a row. Insurers want to see that you take (and have taken) Cybersecurity seriously. Of course, you will be asked questions about firewalls and antivirus software (your technology infrastructure). However, insurers are increasingly asking questions that get to the heart of your company’s Cybersecurity posture. For example, you need to be prepared to answer questions like, “How do you know you haven’t had a breach to date? Prove it to me.” And, “In the event of a breach, what role does executive management play? Who is responsible for conducting a forensic investigation?”
Bill White, CTO of ACS, agrees:
“When it comes to getting Cyber Insurance, if you can’t prove that Cybersecurity is on the minds of everyone, from executives to interns, your application will be denied. Your people, policies, and procedures are just as important as the technology you have in place.”
Are you ready to answer these tough questions? Are you capable of proving that your answers are true and correct? If not, we can help. Our experts can provide you with the Cybersecurity policies, procedures, and technology you need to get Cyber Insurance at the lowest possible premiums. At ACS, we can also train your employees on how to protect your data/IP, and instruct them on what to do in the event of a breach. Let us show you how easy Cybersecurity can be! Call us today! 610-755-0728!