Key Cybersecurity Requirements for Cyber Insurability

When an organization or business becomes a victim of a cybersecurity incident, having cybersecurity insurance can help with some of the costs that are associated with recovering from the breach. 

Before we look at some of the common cybersecurity measures that are being required by cyber insurance providers, we strongly recommend that you engage with cyber insurance experts. Consulting with experienced and knowledgeable cyber insurance brokers and insurers is key to understanding the requirements. 

Let’s look at some of the common cybersecurity measures now being required by cybersecurity insurance underwriters. 

Multifactor Authentication (MFA)

This is an authentication method that requires the user to provide two or more verification factors to gain access to a resource. MFA is a core component of identity and access management policies. It adds one more authentication requirement in case of stolen credentials. 

Patch Management and Vulnerability Management

Vulnerabilities in applications and software are an open door for cybercriminals. Having a strong patch management strategy and cadence is key to closing these open doors and mitigating risk. 

Endpoint Detection and Response (EDR)

This is an integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities. EDR solutions are helpful in detecting and protecting against cyberthreats before they become an incident. Traditional anti-virus products are now considered obsolete.

Email Filtering and Web Security

Email filtering services filter an organisation’s inbound and outbound email traffic. Inbound email filtering scans messages addressed to users and classifies messages into different categories. These include, but are not limited to: spam, malware, virus, suspicious links, and others. Outbound email filtering uses the same process of scanning messages from users before delivering any potentially harmful messages to other organisations. Web security solutions focus on securing web browsing activities that have the potential of exposing employees to a number of threats, including phishing sites, credential compromise, and malicious downloads. These solutions are important as often, in fact … very often, cyber incidents begin with human error.

Privileged Access Management (PAM)

This is the combination of tools and technology used to secure, control, and monitor access to an organization’s critical information and resources. Privileged user accounts are serious targets for attack as they usually have high-level permissions, access to confidential information and the ability to change settings. If compromised, a large amount of damage could be done to organizational operations. Having the right tools to protect and manage these accesses is important to protecting your organization.

Cybersecurity Awareness Training and Testing

Given that over 85% of cyber incidents begin with phishing attacks, the importance of training and testing employees to recognize these threats on a regular basis cannot be overstated.  

Secure, encrypted, and tested backups

A business’s ability to operate after an incident is dependent on the quality of its data backup processes. Ensuring that you have 3 different copies of your data, on 2 different media (i.e., cloud, external drive), with 1 copy offsite and 1 copy that is offline (with no connection to the network), is crucial to the resilience of an organization. Of course, testing the backups to ensure that there are 0 errors after data recovery is a critical part of the data backup best practices mentioned above.

Incident Response Planning and Testing

Having a plan as well as testing it on a regular basis is again critical to the ability of an organization to recover from a worst-case scenario.   

These are just a few of the common cybersecurity requirements we have seen. There may be others depending on the cyber insurance underwriter.  

As we mentioned above, as the cybersecurity threat landscape changes, so will the cybersecurity measures cyber insurance providers will require. Again, we strongly advise working with a cyber insurance expert to understand the requirements to prepare for requesting or renewing your organization’s cyber insurance policy. 

MicroAge works with organizations of all types and sizes to develop the right cybersecurity strategy and put in place the appropriate cybersecurity measures that can help with obtaining or renewing cyber insurance coverage for their organization. Contact us today to see how we can help you.
