Imagine your worst fears realized: you open your laptop first thing Monday morning, prepared to answer a stream of emails from clients and vendors, only to encounter a frozen account with a message demanding thousands in bitcoin in order to regain access.
In a panic, you begin reaching out to your employees, only to find that your shared files and CRM are also locked. As the morning progresses, you realize that your company is the victim of a widespread breach affecting your crucial operating systems. The one bright spot? You remember, thank goodness, that you underwent a lengthy questionnaire with your IT service company last fall when you renewed your cybersecurity insurance policy, the policy for which you paid in full at the time. You’re covered.
But…hold on a minute. What you won’t realize for another month is that when your CFO insisted that his multi-factor authentication be turned off two months ago, because it was a nuisance while he was traveling, he inadvertently opened a door to malicious hackers. Not only did his lack of vigilance lead to your current situation, but it also voided your insurance policy.
If you’re under the impression that taking shortcuts or sidestepping any of the requirements for your cybersecurity insurance policy really isn’t a big deal, think again.
Last summer, Travelers insurance argued that their insured (Illinois-based manufacturer International Control Services) falsely verified its use of multi-factor authentication (MFA) on all its company devices. However, ICS was only using the security tool on its server, leaving a number of devices unsecured. When the company filed a claim after experiencing a ransomware attack last May, Travelers’ investigation found that the ICS application statements were, “misrepresentations, omissions, concealment of facts, and incorrect statements.” Travelers has asked that the court declare the policy null and void.
If you believe your business may not comply with your insurance company’s expectations, give us a call today or fill out a request here. We offer a free security audit for qualifying businesses that will uncover any gaps that may void your cyber insurance policy.