Most organisations store or process data and have IT operations; cyber insurance has been tailored to address network and and data privacy risks. Questions you need to ask yourself:
Dependence on your data and systems?
- If access to these was removed, could you recover from scratch and if so, how long would it take and what would it cost?
What data do you store/process/have access to?
- What could the impact be if data were lost or compromised (own or 3rd party)?
If an incident occurred, who would you get to investigate and assist in recovering from the incident?
- Are you equipped to conduct a proper forensic investigation?
- What would it cost to conduct a forensic investigation?
- What could the potential impact be of not investigating and managing an incident correctly?
What could liability and defense cost total?