Cyber Security – Controls & Coverage Checklist
Diocese Cyber Liability Checklist
Even with the increased awareness of cybercrime, many churches and religious organizations still feel that they are too small to be targeted by cybercriminals or don’t have data that would interest hackers. Nothing could be further from the truth. Last year, cyberattacks and ransomware targeting churches and schools hit record highs, with K-12 schools the top targeted sector. Schools are now the most popular targets of ransomware attacks, according to the FBI.
Most dioceses cyber liability insurance is embedded within their property and casualty insurance package. While the cost is minimal, coverage is limited, and limits are low especially considering the perfect storm cybercriminals are experiencing in recent times. That is poor cyber security controls and the world of cryptocurrency.
The scope of cyber insurance coverage is challenging because there is no standard cyber liability insurance policy wording. Therefore each cyber policy varies greatly. Further complicating the matter is that insurers are continuously inserting restrictive changes resulting from the onslaught of recent cybercrime incidents.
In general, cyber policies generally cover two types of risks. First, first-party coverage is for the policyholder’s losses or damages incurred when responding to a data breach or other cyber incident. Second, third-party liability coverage protects in the event of claims against the policyholder because of a data breach or cyber incident. However, policy wording and coverage terms are highly variable.
WRS has developed Cyber Liability Coverage Checklist to ensure dioceses are adequately insured. We recommend completing this checklist sooner than later as you would not want to discover that you had inadequate coverage after being subjected to a cyber incident.
Higher Ed Cyber Security Controls
Significant losses combined with a lack of reinsurance are disrupting the cyber market and resulting in a growing number of mandatory security controls that must be in place before an insurer will consider offering terms.
While the list of controls varies from insurer to insurer, the most common by far is for Multifactor Authentication (MFA) to be in place for remote network access, privileged/administrative access, and remote access to email before releasing renewal terms. WRS has developed a cyber security checklist, which allows you to assess how you align with insurers growing list of required security controls.
Given these developments, we encourage you to prepare now for your next renewal.
K-12 Cyber Security Controls
Significant losses combined with a lack of reinsurance are disrupting the cyber market and resulting in a growing number of mandatory security controls that must be in place before an insurer will consider offering terms.
While the list of controls varies from insurer to insurer, the most common by far is for Multifactor Authentication (MFA) to be in place for remote network access, privileged/administrative access, and remote access to email before releasing renewal terms. I have attached our Cyber Security Controls Checklist, which allows you to assess how you align with insurers growing list of required security controls.
Given these developments, we encourage you to prepare now for your next renewal.
Cyber Liability Coverage Checklist
Cyber Security Controls Checklist