As the owner of a small or medium-sized business (SMB), you may wonder why cyber insurance underwriters are so meticulous when asking questions about your company’s customer records during the process of securing cyber insurance. Understanding this process requires looking at things from the underwriter’s perspective, particularly for businesses that store excessive (and in many cases, unnecessary) customer data that may contain sensitive information.
Today, most SMBs simply don’t have a specific process in place for regularly deleting unneeded customer files that may contain personally identifiable information (PII) or protected health information (PHI). This can result in a very large (and growing) number of records stored in a company’s database year after year – and to a hacker, the more records a business has, the greater the likelihood that those records contain sensitive data they can exploit.
When it comes to cyber insurance, the role of an underwriter is to learn everything about a business so they can best determine the risk exposure and how enticing a company may be to hackers. From an underwriter’s point of view, asking questions such as the estimated number of customer files your company’s database contains, the percentage of records that may contain PII or PHI, and your process for evaluating and purging data that is no longer relevant is vital to assessing risk. Understanding these factors is essential to evaluating your cyber insurance needs and ensuring that you secure adequate coverage to protect your business against potential data breaches and cyberattacks.
Why proactive customer data management is so important
For a business owner, it’s important to regularly evaluate and purge client records as part of a responsible customer data management process. In doing so, you not only better protect your company from reputational damage and/or a financially devastating cyberattack, but also demonstrate to your customers that you are committed to safeguarding their private information.
When it comes to record management, best practices for SMBs should include:
- Limiting the total amount of sensitive data you collect and store (e.g., collecting only the last four digits of a Social Security number, and replacing credit card information within a data record with artificial identifiers)
- Automating the data-purging process
- Knowing what percentage of your customer records contain PII or PHI
- Making company policy changes to only collect necessary information
- Establishing a method for permanently deleting unnecessary data so it cannot be restored
- Regularly reviewing and updating your customer data management program
- Limiting access to sensitive data, and protecting that access with security controls such as multi-factor authentication (MFA)
Maintaining a healthy customer data management plan also includes regularly scrubbing and purging information that no longer serves a meaningful or useful purpose. This can:
- Improve business efficiency by keeping the amount of data you store at a more manageable level
- Ensure the records currently retained by your business are updated and accurate
- Clear your database of outdated and unruly files and free up additional storage space
- Allow you to create smarter and more streamlined marketing campaigns using data that is clean and relevant
Proactive record management is a vital best practice for safeguarding the personal information of your customers. Underwriters know this. Therefore, asking multiple questions about the number of client files you store and what customer data management best practices you have in place shouldn’t be viewed as invasive or a method for offering or declining your coverage. Instead, you can feel confident that these questions are being asked by skilled underwriters so they can help enhance the security of your company and provide affordable coverage options that meet your needs.
As a cyber insurance professional, I understand the cybersecurity challenges that SMBs face every day and the importance of helping my clients secure the right coverage. Whether you run an accounting firm, dental office, or other type of company that collects and stores personal information, it’s in your best interest to understand how the underwriting decision process works. By establishing a regular program of reviewing and purging your company’s database of unnecessary records, you can impact those decisions.
About eSpecialty Insurance and Bob Sargent, Founder & CEO
eSpecialty Insurance was established to revolutionize the customer journey in specialty insurance. With years of experience in addressing unusual, complex, and challenging cyber exposures as both an underwriter and a broker, Bob and his team help SMBs (like yours) secure comprehensive insurance solutions at competitive rates.