Are your information management practices hindering your ability to obtain cyber insurance?
Cyber liability insurance is front of mind for many organisations in the wake of recent high-profile data breach incidents. However, many organisations find themselves unable to obtain cyber insurance because they do not have visibility over the information they hold, where it is stored and how it is managed and protected from creation or collection through to disposal.
GWI Associate Director, and privacy and information management specialist, Jane Brimacombe details her insights on what business leaders must know about obtaining cyber insurance.
What do insurers want to know?
Insurance companies want to know the personal information, health information, financial (including payment card) information and commercial-in-confidence information your organisation creates and/or collects. They want to know how your organisation is storing and protecting this valuable information throughout the information lifecycle. Insurers want to know how you are managing your information risks with your SaaS providers. They want to see your compliant privacy policies and retention and disposal policies applicable to every jurisdiction in which your organisation operates. They want to understand how you share information both within and outside your organisation.
What are the main reasons organisations are unable to obtain cyber insurance?
Organisations with poor information management practices are high-risk for insurers due to:
- A lack of information governance
- Information sprawl across applications and storage locations
- Limited visibility and discoverability of information
- The absence of an accurate information asset register
- The over-retention of information
- The inconsistent application of security and access controls due to inconsistent information classification
- Insufficient processes and controls for information sharing
- The inability to monitor access to sensitive information
- A lack of onboarding and ongoing training.
What can you do to improve your information management practices?
GWI has deep experience in guiding our customers in improving their information management practices.
Here are our top tips:
- Establish good governance practices across people, process and technology
- Ensure policies are up-to-date and supported by procedures and processes
- Establish and apply a business classification scheme and retention and disposal schedule
- Complete an audit of information assets across applications and storage locations
- Apply consistent information classification
- Establish or update an information asset register
- Develop and implement information management training.
Get in touch with Jane and the GWI team to learn more about how our services will help your business improve its information management practices.