Encryption, Firewalls & Business Insurance


Networks become increasingly complex as businesses grow.

To help offset the cost of implementation, encrypting data should result in lower insurance premiums for businesses.  However, inadvertently representing to an insurer that “all” or “100%” of your data is encrypted and/or protected by firewalls could potentially leave you without insurance coverage after a data breach.

Any time a business makes a key improvement to their risk management practices, this can be used to help lower the cost of business insurance.  Formalizing a company policy requiring encryption of data is a key change in information security practices and should result in premium credits.

Credits could be applied to one or more commercial insurance policies that address data security, including a General Liability policy, a standalone Cyber Liability/Data Breach policy or an Errors & Omissions policy, depending on how coverage is packaged together.

The time to look for a decrease in premium is when your policy renews, but be careful not to inadvertently represent to an insurance company that “all” of your data is encrypted or firewalled, even if that is in line with your company policy.

The question may appear on an application as follows:

Is all of your data encrypted? Yes () No ()

One good way to answer this question is to check “yes” and then hand-write in the margin “to the best of our knowledge.”

Why is it important to avoid guaranteeing data encryption and firewalls?  Some insurance companies have been known to deny coverage for businesses that thought and represented that they were 100% protected but were unaware of some vulnerability that resulted in a claim.

Logistically, Wi-Fi and network systems become increasingly complex for companies that have expanded to more than one office, especially when expanding across borders, or even when new employees and computers are added in a single office building.  At some point during setup, training, normal daily use and troubleshooting, through the end of the useful life of the hardware, it is likely that a firewall will be down or that some unencrypted sensitive data will be accessible to data thieves.  Therefore, it is better to avoid all-encompassing “yes” answers to this increasingly pertinent risk management question.


RISKPRO is a commercial insurance agency and risk management consulting firm in Dallas, TX.  Visit us online at www.riskpro.us/quote for commercial insurance quotes.
