If you’ve taken out any kind of business insurance recently, you’ve probably come face-to-face with a cyber security insurance questionnaire. This is a series of questions insurance companies use to determine your cybersecurity posture and risk level, all of which is then taken into account when determining your premiums.
Here at Smile IT we’ve been getting regular requests from our clients and other businesses to help out with their cyber security questionnaires. Given this uptick, we want to go over some of the basics of these questionnaires and how they can provide a boon to your overall business compliance.
Why are Cyber Security Insurance Questionnaires a Thing?
Cyber security has become something of a raging wildfire over the last few years, with businesses all across Australia affected. According to the Australian Cyber Security Centre, the number of attacks in the last year rose 13% to 76,000. Never mind all the incidents that went unreported…
The big concern for insurers is that the average cost of these cyber-attacks is also increasing. A single cybercrime ends up costing small businesses around $39,000, medium businesses $88,000 and large businesses $62,000 on average. That’s a year-on-year increase of 14%, and it doesn’t look like those rising costs are going to slow down.
Insurance companies are going to be super concerned with anything that affects the quantity and size of payouts. Thus, enter the cyber security insurance questionnaire.
What Does the Questionnaire Look Like?
The form that the questionnaire takes depends on the insurance company and what type of policy you’re applying for. More often than not, you’re gonna have to strap yourself in for a rigorous and in-depth set of questions that delve deep into your IT system, your network infrastructure and how you manage your data.
The insurer is trying to assess your vulnerability to a cyber-attack, and what kind of effect that would have on your business. You’ll be quizzed about the existing cybersecurity measures your business has in place, such as your email and web browser protections. They’ll also want to know about your malware defences, your access and administration privileges and what your hardware and software inventories look like.
Depending on the level of detail the insurer is after, a cyber security insurance questionnaire could include pages of questions. It’ll take up a few hours of your time, depending on how much knowledge of your IT system you have!
Can an MSP Complete the Questionnaire for You?
An MSP like Smile IT has the benefit of knowing their clients’ IT infrastructure and defences inside out. We have the answers to the questionnaire at hand and can fill them in accurately and efficiently.
This saves you a lot of time. There’s no researching the answers you’re not aware of, no trying to track down the right people in your organisation to help you fill in the blanks. We can fill in the questionnaire, and once you’ve reviewed it, it’s off to the insurer, and you can rest assured it’s completed accurately.
There’s another reason we like to help you with your cyber security questionnaires for insurance…
Cyber Security Compliance
The cyber security insurance questionnaire can provide some powerful insights into your organisation’s compliance with various standards and regulations.
Compliance is adhering to a set of regulations and laws that industrial agencies and governments put forward. It ensures organisational activities are conducted in a way that meets these rules and ethical practices. There are various compliance frameworks that a business can choose to adhere to, such as the ISO 27001 international standard for information security. Smile IT is officially ISO 27001 certified, and it helps us ensure our operational processes are secure.
The depth of your potential insurer’s questioning about your cyber security can help with your business compliance as you move forward. Your answers determine if you meet the standards set by regulatory bodies, and what you need to do to become compliant with them. This can really help improve your compliance on an ongoing basis.
If Smile IT completes your insurance questionnaire, we can tie it in with our GRC (Governance, Risk and Compliance) Platform, Odzi. This is a flexible piece of software that allows you to build your own compliance frameworks or use the ones already pre-loaded into the system. It helps you manage your organisational activities in a manner that meets the standards and regulations of the chosen framework.
Get in Touch with the Cyber Security Experts
If you need help with your insurance questionnaire, or have questions about how to improve your cyber defences, get in touch with Smile IT. We’d love to chat about how to keep your business secure and compliant with the important standards and regulations.
When he’s not writing tech articles or turning IT startups into established and consistent managed service providers, Peter Drummond can be found kitesurfing on the Gold Coast or hanging out with his family!