Let's face it, you didn’t start your own company or decide to build an innovative solution with the goal of being a safe, cautious, risk-averse organization. You want to break things! Disrupt! Create! The challenge comes that once you bring your technology to market and ask another entity to pay you actual money for your innovation. This is where your client’s risk assessment journey begins. As we’ve discussed in other blogs, the assessment of reputational, operational, regulatory risk by enterprise will be centered on the information security program of your company. However, even with a robust governance program, cyber insurance often remains a critical back stop for most larger enterprises.
In this article, we’ll explore that form and types of insurance are typically required in the B2B enterprise marketplace.
Risks Associated with Software Development
If you are an innovation company, there are several aspects of your software development process (SDLC) where you need to identify risk, including:
Vulnerabilities in code including bug tracking effectiveness Vulnerabilities in open source libraries Systemic risks in driving toward deadlines, design reviews Gaps in testing protocols and developing a culture of code review To mitigate these risks it is important to implement automated evidence gathering and develop a comprehensive DevSecOps program that assigns each developer a scope of responsibility to verify protocols are followed before code is released along with independent oversight by technical leadership to verify internal code check reviews have been completed.
Risks Associated with SaaS Environments While several large Platform as a Service (PaaS) vendors have attained relevant security accreditations, the fact that your application runs in these secure environments does not adequately cover the risk from data loss or compromise from your application. Most larger enterprise clients will want to verify that you taken significant and measurable steps to protect your business and your technology. To that end, SOC-2 and ISO certifications have become more of a minimum benchmark, but most F500 companies will also require cyber liability insurance. Cyber liability insurance is typically comprised of:
Technology errors and omissions liability coverage Network & information security liability coverage Communications & media liability coverage Expense reimbursement coverage
Cyber Liability Insurance Explained
Beyond the concern for the security of your software tech stack, you must consider the likelihood of data breaches, cyber attacks on your application infrastructure and theft of intellectual property. You should also consider coverage for third-party damages too, which are as a result of the failure of your company to respond to a data breach. To understand this better, here are some examples of such claims:
Your hosting vendor’s databases are hacked and users sue for information getting leaked. An employee misplaces a laptop or phone in a cab that’s picked up by someone who leaks private user data. You are hit with a Denial of Service attack and you have to shut down your website for hours/days, creating a significant loss in profits and incurring major expenses to recalibrate the networks to keep the website up and running. You are hit with a cyber attack that knocks out your customer’s service delivery and they suffer direct losses Threats related to ransomware attacks. There are some publicly available tools that do a great job highlighting the cyber risks facing enterprises today. Tugboat Logic does not endorse or take responsibility for these information sources: Chubb Cyber Index, Traveller’s Pressure Test , Symantec Cyber Report.
Cyber Insurance Coverage Overview
Summary For every enterprise that collects or processes customer data, particularly technology start ups, cyber risk insurance coverage is critical. Even if you want to initially defer the expense and take a chance, you may likely face no choice but to obtain insurance coverage in order to transact with a larger enterprise client. When combined with a custom Tugboat Logic Assurance Report, cyber liability insurance will provide you the tools to address the concerns of any F500 enterprise.