Cyber Insurance Q+A for Architecture and Design Firms
Welcome to another episode of Design Under Influence!
On this podcast, we take a deep dive into how architecture and design firms can make technology their competitive advantage.
If you’re a designer, architect, or engineer, you’ve come to the right place!
Today we’re digging deep into cyber insurance, following up on the theme from the last episode, “How scammers use phishing and social engineering to steal your money and data,” where we talked about the dangers of phishing and cyber-attacks.
We’re also extremely excited to introduce a guest on the Pod—Zachary Waters—to help explore the world of cyber insurance and how it can go to work for you!
Zachary has been working with architects and engineers for the last five years to provide insurance.
Cyber insurance is on its way to becoming as important as liability insurance.
It’s a bold statement.
But cyber-attacks are becoming increasingly common, especially with the emergence of COVID-19 making the nature of our work more remote.
The biggest exposure for architecture and design firms is a cyber-attack. A hack or an employee error can cause your firm some serious problems down the road.
Since March of 2020, we’re seeing 4x more attacks from ransomware, phishing, and social engineering.
The unfortunate reality is it’s not if a cyber-attack happens to you, but when.
Cyber insurance isn’t new, but it’s becoming much more prominent.
Take car insurance, for example. We know that driving is a high-risk activity, so we insure our cars to make sure that we’re covered.
However, we still have this idea that it’s not going to happen to me.
But just because you’re a good driver doesn’t mean that accidents can’t happen.
The same is true with a cyber-attack. You don’t want to be a small firm that walks in on Monday morning to discover that you have lost control of your system and that your private information is being held for ransom.
In the past, this has been viewed as a big-firm problem. Today, it’s an everyone problem.
Sole proprietors are especially at risk. Usually, these individuals have the lowest amount of protection, making them an easy target.
So how does a cyber insurance policy work?
Like any insurance policy, pricing is going to depend on:
- The size of your firm
- How much revenue your firm needs to protect
- Number of employees
- Current risk management systems in place
The onboarding process for cyber insurance is fairly simple. You’ll have to give some information about your firm, and then go to work to find the plan that is right for your firm.
Something to keep in mind is that general liability policies might give you the option to add on cyber insurance.
Be wary of these add-on plans. They are usually cheap, not comprehensive, and do not cover both first party and third party.
These add-on plans usually carry small limits and cover third parties (clients) only. They’re unlikely to be able to handle a significant cyber event.
Let’s say I run a 60-employee architecture and design firm. I walk into the office one day, and I’m locked out of all my files with a message waiting that says: “You will not have access to your files unless you give us a million dollars.”
Under cyber insurance, what are the next steps?
You give your cyber insurance agent a call. The agent will go to work right away, as time is of the essence.
The agent will then bring in an expert negotiating team and forensic recovery team.
There will be an analysis of what has been lost. Usually, at this stage, business owners make the troubling realization that they have much more sensitive data than they’d originally known.
Employee social security numbers and health benefits, confidential client information, and other sensitive information tend to reveal themselves rather quickly.
Once an IT firm like ArchIT is called, the business owner can be assured that there are backups for their system’s data.
This is when the recovery process for files begins. Recovery time will depend on the size of your firm. Usually, this is anywhere from 4 to 8 hours.
As a safe estimate, in the event of an attack, you will be down for at least a day. And that is the best-case scenario, where you are working with a trusted IT firm.
If you don’t have the proper backup systems in place, this can become a much bigger problem. You could be down for several days, or more.
So how do you know if your IT provider is doing the proper work for your firm?
You should be getting status reports from your IT provider about the backup of your files. Make sure that your provider is conducting regular tests so that you know you can recover data in the event of an attack.
ArchIT runs drills to make sure that restore is possible for all its clients. Your provider should be doing the same!
If you don’t have cyber insurance, you’re likely going to be paying for everything yourself. This could be catastrophic for your business.
Don’t let a cyber-attack be a knockout punch for your business. Be proactive instead of reactive, and protect yourself with cyber insurance.
Got questions? Reach out! We’d love to chat with you about how to protect your firm from these vicious attacks.