Sussex Tech Support

01444 223850

How to Secure Cyber Liability Insurance for Your Small Business

If you are responsible for your company’s IT services and security, you’ll be acutely aware of the consequences of a cyber incident.

A crucial element to safeguard your business is obtaining Cyber Liability Insurance. This insurance provides financial protection for cyber incidents such as data breaches, ransomware attacks, or phishing attacks.

However, securing this insurance requires meeting specific technical and operational standards. Here’s what insurers typically look for and how to ensure your business meets these requirements.

Strengthening Your Security Controls

Endpoint and Network Protection: Insurers want to see that your business uses comprehensive security measures. This includes antivirus and endpoint detection tools, patch management software, and intrusion detection systems. Additionally, network firewalls and VPNs protect your business from external threats.

Regular phishing simulations and end-user cyber awareness training give insurers confidence that you are taking your cyber security measures seriously.

Device and Access Management: It’s essential to block USB ports, use password management software, and implement domain name transfer locks.

Host-based firewalls, hard drive encryption, and application whitelisting protect your business from internal and external threats. Email spam filtering and authentication standards like DKIM, DMARC, and SPF all help prevent phishing and email spoofing.

Operational Practices for Enhanced Security

Multi-Factor Authentication (MFA): Insurers will generally treat MFA on all devices and user accounts as a mandatory condition of providing cover.

Access Control and Software Management: Ensure administrator permissions are restricted to authorised personnel only. Keep all software and operating systems up-to-date and correctly licensed. Use unique login credentials for all devices and services and disable autorun and auto-play features to prevent malware execution.

Public Access and Display Security: Make sure that devices and network ports are not accessible to the public. Position administrative screens to prevent the public from viewing sensitive information.

Issue Identification, Incident Recovery, Continuous Monitoring and Testing

Utilise Security Information and Event Management (SIEM) services and cyber threat intelligence tools for continuous monitoring.

Regular vulnerability scans and penetration tests demonstrate to insurers that you are proactively identifying and mitigating potential threats. Having a dedicated or outsourced Security Operations Centre (SOC) and monitoring for password breaches also strengthens your security posture.

Incident Response and Data Backups: Maintain an incident response plan and up-to-date IT infrastructure documentation. Regularly back up your data locally and in the cloud, and frequently test these backups to ensure data can be restored. Secure storage of backups and limiting access to authorised individuals only are key practices.

Governance Controls for Robust Security

Regular Reviews and Policies: Make information security and data protection a standing agenda item at directors’ meetings. Conduct annual external reviews of these practices and maintain an up-to-date IT asset register. Implement comprehensive policies for data protection, remote working, and patch management.

Accountability and Training: Assign specific employees responsible for IT infrastructure, information security, and data protection. Regular training on these topics ensures accountability and awareness across your team.

Certifications: Obtaining relevant accreditations, such as Cyber Essentials or Cyber Essentials Plus, demonstrates your commitment to high security standards and facilitates insurance approval.

Meeting the above requirements helps secure Cyber Liability Insurance and strengthens your business’s overall security posture. Implementing these best practices protects your company against cyber threats and ensures effective incident recovery.

If you’re unsure how to implement these suggestions or want more advice on keeping your business secure, our team can help; contact us.