Data breaches, electronic theft and vandalism, denial of service attacks and even copyright infringement make protecting sensitive data an issue for every organization.
Trovato Associates customizable solutions offer the insurance protection you need.
As our reliance on technology and data continues to increase, cyber risk do as well. Learn more about these risks and the services Trovato offers to help our policyholders protect their business
Regardless of size or industry, all companies use technology in some way to deliver their products and services. Trovato Associates suite of cyber products integrates privacy, network, media, and Errors & Omissions products to provide the specific coverage you need..
1. Awareness: how often are your employees trained on cyber security?
2.Authentication: do you use and enforce password hygiene?
3.Encryption: is your sensitive data encrypted at-rest and in-transit?
4.Firewalls: do you limit ports on all Internet access points?
5. Anti-Malware: what anti-malware software do you install?
6.Systems management: do you have any unsupported software running?
7. Account management: do you restrict access based on job function and responsibilities?
When we think of Exposures in property, we think of things like natural disasters, fire, floods, theft, etc. To mimic that methodology for Cyber COPE®, we have to understand the underlying characteristic of a cyber exposure, then determine which ones apply to any particular company. The primary characteristic is that these exposures generally cannot be controlled. For example, in property, we can try to predict where a hurricane might strike, but we have no control over the hurricane itself. Relatedly, for cyber, we can try to predict which company a hacktivist might target, but we have no control over the hacktivist’s motivation or determination. Since these are more subjective measures, the elements captured for Exposures are presented as simple terms rather than leading questions:
• Handling of desirable information: corporate data, customer data
• Targeted attacks: motivated threat actors • Non-targeted attacks: unintentional human errors
• Third-party resources: outsourcing • Common software vulnerabilities: Java, Flash, Windows
• System/software errors: programming errors
• Compliance or regulatory requirements: PCI, HIPAA
As an example, let’s look at the first component identified, Handling of Desirable Information. Ideally, a company can control access to this type of data. But if you store/process millions of credit cards, you may outsource that function to a third party processor. The exposure still exists, but the protection is no longer within your control. And if multiple companies use the same payment processor as you, your exposure increases significantly due to risk aggregation. This is particularly true for your insurance carrier.