I have been required to establish a Written Information Security Policy (WISP) by the enactment of the Gramm-Leach-Bliley Act through the Federal Trade Commission. I have attached a link for the Publication 5708 provided by IRS to assist any of you that might be affected by this as well. Personally, I think it is a good idea for any business to have. If you are storing information about customers/employees/subcontractors/etc. that includes Personally Identifiable Information (PII) which is any information not publicly available (i.e. SSN or EIN), I think it prudent to have a policy and the appropriate insurance in place.
Furthermore, I chose Hisox for my coverage, and they could not have been more helpful and reasonably priced.
Apparently, we all need to spend time to protect ourselves from those that “make a living” hacking computers.