Fire prevention elements played a large role in the planning of Philadelphia; streets were wider than average and brick and stone were common building elements. Despite these preventive measures and the efforts of firefighters, fires did still occur. Benjamin Franklin began to study this situation and stated “About this time I wrote a paper…on the different accidents and carelessness by which houses were set on fire, with cautions against them, and means purposed of avoiding them.” In 1736 Franklin and his fellow firefighters founded the first organized fire company in the colonies, known as The Union Fire Company.
When property and casualty insurance was first issued, Benjamin Franklin’s insurance company and all other insurance companies conducted preliminary inspections in order to manage risk. They wanted to make sure that a home was well constructed and, later, that the electrical wiring was up to code and that the parapets separating buildings were of sufficient height, so that if a roof caught fire, the parapet would give firefighters a few extra minutes to keep the fire from burning all the nearby buildings. Later, property and casualty insurers would visit businesses to make sure their gutters did not leak, which would lead to ice on sidewalks (a slipping hazard), and that there were no high bushes (that burglars could hide behind). This was simply good due diligence that in turn reduced the insurers’ payouts. Cyber insurers are now doing the same thing: conducting due diligence inspections and asking whether businesses have a CSO, a CIO and an incident response plan, whether they promptly install patches, etc. This is simply good business, and you can benefit if you are prepared for the inspection.
Adoption of a comprehensive incident response plan is a major indicator to underwriters that an organization is sophisticated, understands that data incidents occur regularly both within and outside firewall perimeters, and has an early detection, containment and eradication plan in place to manage these incidents, thus protecting its data more effectively.
Early detection minimizes the time that an intruder has inside the system and thus limits access to critical data, which in turn minimizes the resulting fraud and identity theft loss. In addition, implementation of an incident response plan is indicative of senior stakeholder endorsement of a culture of security within the organization, which is a key focus of underwriters’ current examinations.
Be prepared for a modern-day cyber insurance inspection worthy of, and born from, the original due diligence of the first American property and casualty insurer, Benjamin Franklin.