Pub. 22 2023 Issue 5

CUSTOMIZE COVERAGE THAT IS UNIQUE TO YOUR DEALERSHIP When considering cyber insurance, it is crucial for dealerships to seek policies that are specifically tailored to their unique risks and needs. Generic cyber insurance policies may not adequately address the specific vulnerabilities and exposures auto dealerships face. Look for policies that cover first-party and thirdparty liabilities, including data breach response costs, business interruption losses (whether the event emanated from the dealer’s network, or the network of an outside entity for whom the dealer is reliant for business operations), and cyber extortion (i.e., ransomware). Additionally, as dealerships’ social media footprints continue to expand, media liability coverage will become increasingly important. Coverage for regulatory fines and penalties, as well as reputational harm, should be considered as well. While these coverage elements are standard in many modern cyber insurance policies, it is the nuances, such as how a policy defines “private information,” “computer networks,” and triggers for regulatory coverage to engage if needed, that set these options apart from one another. For instance, if the recently expanded amendments to the FTC Safeguards Rule were to lead to audits of a dealership’s information security practices, would any of the fines levied against non-compliant dealers be covered by a cyber insurance policy, or would an actual data breach have to occur before coverage would be applicable? It is nuances like this that underscore the importance of working with seasoned insurance professionals with a broad knowledge of today’s modern privacy and security insurance landscape. MAPPING THE ROAD AHEAD Before obtaining cyber insurance, dealerships should conduct a comprehensive risk assessment to identify any potential vulnerabilities for the purpose of developing and communicating a robust cybersecurity strategy. At a minimum, that strategy should include: • An incident response plan that outlines the roles and responsibilities of ALL stakeholders in the event of unauthorized access to your networks • Implementing strong perimeter security that requires multifactor authentication (MFA) for all remote access to networks, email systems, and on-premises access to systems with elevated network administration credentials • Strong data backups that are encrypted, where access is also protected via MFA, redundant in multiple locations, and tested regularly to ensure efficacy • Encryption of sensitive data, both in transit and at rest • Proper network segmentation that prevents lateral movement across multiple areas of your business (i.e., finance, sales, parts, etc.) in the event of a network intrusion • Regularly scheduled and documented cybersecurity training as well as awareness program for employees that include periodic phishing simulations • Regular vulnerability assessments and scheduled patch management protocols to ensure software programs are equipped with the latest means to prevent unauthorized access Insurers may require evidence of these preventive measures as a condition of providing coverage. It is important to have a standard to measure oneself against, such as those provided by the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework. By investing in proactive cybersecurity measures, auto dealerships can reduce the likelihood of a cyber incident and potentially lower their insurance premiums. For others, it may mean the difference between getting cyber insurance coverage and going without until improvements can be made. ENGAGE EXPERIENCED PROFESSIONALS WHEN BUYING INSURANCE Choosing the right insurance provider is crucial for car dealerships seeking cyber insurance coverage. Look for insurers with experience in the cyber insurance market with a deep understanding of the unique risks auto dealerships face. They should offer comprehensive coverage, prompt claims handling, and access to a network of cybersecurity experts who can assist in incident response and recovery. It is important to ask what proactive risk management solutions they can provide to help prevent costly cybersecurity events before they happen. Collaborating with cybersecurity experts can help auto dealerships stay updated on emerging threats and implement effective risk management strategies. Insurers should offer their insight into vulnerabilities that might be associated with a dealership’s outward-facing network infrastructure (i.e., the same view bad actors have) to help bring attention and urgency to needed adjustments. This would reduce risk to the dealership while simultaneously making them a more attractive client to insurers. As cyber threats and the associated regulatory environments continue to evolve, auto dealerships must prioritize cybersecurity and consider cyber insurance as an essential component of their risk comprehensive management strategy. By understanding the growing threat landscape and potential financial, reputational and regulatory implications; the need for customized coverage; the importance of risk assessment and prevention; and partnering with experienced insurers and cybersecurity experts, dealerships can better protect themselves from cyber risks. Investing in comprehensive cyber insurance coverage will provide peace of mind, financial protection, operational resiliency and help ensure the long-term success of the dealership in a constantly evolving digital world. Steve Robinson is National Cyber Insurance Practice Leader at Risk Placement Services, a Division of Gallagher. He can be reached at (410) 901-0704 or, via email, at steven_robinson@rpsins.com. 27 new jersey auto retailer

RkJQdWJsaXNoZXIy MTg3NDExNQ==