Cyber Insurance Standards Are Going Up
The insurance carriers may not want your money if your cybersecurity standards aren’t up to par. 4it will help you qualify for the cybersecurity insurance you need.
During the past 12 months as many of our client’s cyber insurance came up for renewal, a clear trend has emerged.
Cyber insurance carriers are requiring more sophisticated written cyber policies, tools, training, and disaster recovery systems before processing the renewal, and in many cases are also significantly increasing premiums for individual cybersecurity risk items that are not being addressed.
This has nothing to do with whether there has been a claim or not in the past, and everything to do with what steps the applicant must now take to address cyber security risk. All the carriers now have additional forms filled with cybersecurity questions that must be answered accurately before the carrier will renew the policy.
Furthermore, you can be sure that if a claim against the policy is ever submitted, the carrier will check the answers provided to determine if there is any way for them to deny coverage.
25 Questions Your Cybersecurity Insurance Carrier Is Going To Ask…
- Does your business have a policy against opening unverified email attachments?
- Does your business keep malicious and spam emails out of staff inboxes?
- Does your business use an Endpoint Detection & Response (EDR) solution?
- Does your business use multi-factor authentication (MFA) on all user accounts?
- Does your business test cybersecurity standards with regular vulnerability scans?
- How many users have local administrator rights enabled?
- Do you have a content filtering solution?
- Does your business monitor traffic into and out of the network?
- Do your staff members have access to a password manager?
- Are admin accounts tracked and monitored to limit and log access?
- Do you have recent and tested backups of all mission-critical data, applications, and configurations?
- Do you have encryption for backups (both at rest and in transit)?
- Do you store backups on and offsite?
- Are your offsite backups protected by an air-gap and separate authentication mechanism?
- Is your cloud data backed up?
- Can staff members access business email on their personal devices?
- Can staff members send or receive PII, ePHI, or PCI data through business email?
- Do you have an email encryption solution in place?
- Is your staff regularly tested and trained on phishing and other social engineering attack vectors?
- Do you have a Security Incident and Event Management (SIEM) system in place?
- Do you have an update and patch management system in place?
- Does your business monitor its network 24/7?
- Do you work with a third-party IT company?
- Do you rely on a third-party Security Operations Center (SOC)?
- Do you have a Mobile Device Management policy in place to limit risks posed to business data by your employees’ personal devices?
If you can’t answer the question correctly and prove it, be prepared to have your coverage denied or accept a significant premium increase. Regardless, it is abundantly clear that the days of the wild wild west in cyber insurance are rapidly coming to an end.
4it is here to help.
How We Help Our Clients Qualify For Cybersecurity Insurance
- We can manage the questionnaire on your behalf, identifying any areas that require changes in order to help you qualify for a policy, or even a lower insurance premium.
- We endeavor to make modifications and changes that cost as little as possible. In many cases, it’s simply a matter of developing the right documentation or changing settings in your systems to comply with your carrier’s cybersecurity standards.
- We offer templates for cybersecurity management policies and statements of operations so that you don’t have to start from scratch.
Need Help Qualifying For Cybersecurity Insurance?
Meeting the stipulations laid out by cybersecurity insurance providers may not be easy depending on the state of your cybersecurity posture. 4it can help you improve your approach to cybersecurity.
Our team provides cybersecurity and technology services for businesses like yours—we are available to help you develop a robust cybersecurity defense.
We can ensure you qualify for a policy and minimize the chance that you’ll have to make a claim on your cybersecurity insurance.
Get in touch with our team to get started.