cyber insurance checklist

Cyber Insurance Checklist

A cyber attack could happen to any business, big or small. Many small businesses feel as though they are too small to be targeted. However, since small businesses often have this mindset, hackers will frequently go after small businesses knowing that they probably do not have the security measures in place to deter them. It’s important to assess your cyber security risk. This checklist is a good starting point. However, you should speak with your insurance agent to address and questions or concerns you have about cyber insurance coverage.



  • Do you have cyber security policies that conform to the size and culture of your small business?
    • Have you written down these security policies?
    • Are these policies enforced?
    • Do they need updating?
  • Do you have a software and hardware asset inventory list?
    • Is the data classified its usage and sensitivity?
  • Do you have established ownership of all the data?
  • Are all employees educated on safe cyber security practices?
  • Are employees being screened prior to being hired?



  • Do all the computers have anti-virus software?
    • Is the software active on all the computers?
    • Does it need to be updated?
  • Are emails from unknown sources deleted?
    • These emails should not be opened.
  • Is the data on your computers backed up regularly?
  • Are the passwords strong?
    • Are there regular and mandatory password changes?
    • Do the passwords include one uppercase, one number, and one special character?
  • Are security patches and updates performed regularly and promptly (by either IT staff or manually)?
  • Are computers disconnected from the internet when not in use?
  • Are certain systems with sensitive information restricted to managers only?
  • Do you have a personal firewall on your computer?


IT Staff (if you have one)

  • Are software patches updated regularly?
    • Are they well maintained?
    • Is there a regular update schedule?
  • Are security tests being done?
  • Is there physical security to computer systems?
  • Do all computers have active anti-virus software?
  • Are mobile devices are secure with passwords?
  • Is data on mobile devices is encrypted?
  • Are backups of the systems being done regularly?
  • Are you subscribed to security mailing lists?
  • Are you reporting and documenting issues and risks?


Business Practices

  • Is there a response plan in the event of a data breach?
  • Have you assessed the potential risks and sources of disruption?
    • Is there a program in place to reduce the chance of a disruption?
  • Do you have a list of customers, employees, and suppliers in a location outside of your business?
  • Do you have adequate cyber liability insurance in the event of a data breach?


While this list is a good place to start assessing your cyber liability risk, it’s not a bad idea to consult with a professional. They can help you determine which areas you are most vulnerable and they can suggest ways to improve your cyber security. You should also discuss cyber insurance with your agent. Depending on your business, company culture, and other factors, you may need coverage. If there are any changes in your business, it’s a good idea to update them with your insurance agent. No matter how big or small your business is, it’s important to protect it!


Call an Encharter agent at 888.754.829 to discuss cyber liability and your cyber insurance policy!


Additional sources:

Read More