We see it all the time: you go to renew your cyber insurance policy or apply for new coverage, and the carrier gives you a mile-long checklist, with one of the items being “have you had a penetration test done in the last X years”. If the answer to that question is no, you could severely impact your coverage eligibility and potentially the premiums. Here are the top 5 things to know about getting a penetration test for cyber insurance purposes.
Cyber Insurance Penetration Test Scope
Many times, insurance carriers are vague or do not supply applicants with the proper scope that should be tested as part of a cyber insurance penetration test. This leaves the applicant confused as to what (and how much) testing should be included. Typically, an external and internal vulnerability and penetration test will suffice. However, in some circumstances and depending on your business, websites and applications could also be in scope.
Cyber Insurance Deliverables
It’s not uncommon to see carriers requesting a testing attestation. This is a document provided by the penetration tester that outlines the scope of the testing, a timeline of the testing, and sometimes a high-level overview of the results. This gives the insurance carrier enough information to prove that the testing took place but also does not disclose any results of said testing.
Cost of a Cyber Insurance Penetration Test
Penetration testing does not need to cost $40,000 to be effective. As a matter of fact, if you’re a small organization, the cost could land under the $5,000 range!
Timeline for Testing
If timing or budget is an issue, insurance carriers can be lenient on the timing of testing. Typically, as long as the test starts within their timeframe and you can prove to the carrier that you’ve engaged a firm (by furnishing a signed statement of work), that can be enough for them to allow you to perform the test at a later date.
Recurring Testing
A penetration test is something that carriers will likely want to see every year. If you engage a firm like us to perform testing, make sure to ask for a discount for something like a 3- or 5-year annual commitment. Most firms are more than willing to provide a discount for this!
Contact Us
A large portion of our business is helping businesses of all sizes with cyber insurance obligations. Please use the form below to contact us and learn more about how Hacket can assist you with your cyber insurance penetration test requirements!