top of page
  • Writer's pictureFastrics

How To Achieve Cyber Liability Insurance: Our Top Ten Required Controls

Cyber Liability Insurance: The Top 10 Controls To Meet Provider Standards

Is your organization looking to get cyber liability insurance? Or are you looking to reduce your cyber liability insurance premiums?

In order to be insurable and keep your premium as low as possible, your organization is required to meet certain security standards to show your due diligence.

3 Reasons Your Organization Needs To Meet A Cyber Liability Insurance Provider’s Standards

There are three main factors that drive an organization’s goal of meeting the standards of cyber liability insurance providers, which include:

  1. Your organization wants to qualify for an insurance policy.

  2. Your organization wants to reduce the likelihood of significant premium increases.

  3. Your organization wants to adopt basic security best practices.

In the event of a breach, you’ll want to show the insurance provider that you’ve taken reasonable and appropriate security protection measures and have been in compliance with the policy’s requirements. This will increase the chances that the insurer will cover losses in the event of a serious cybersecurity incident.

Top Ten Required Controls From Cyber Liability Insurance Providers

Not every provider will have the same list of controls. Based on our experience, we have compiled a list of the 10 most common ones we come across in our work.

Out of our list of 10 controls, there are 5 controls that cyber liability insurance providers will not even write a policy without, which include:

  1. Enabling multi-factor authentication across all critical systems, including (and especially) cloud and SaaS systems.

  2. Implementing extended detection and response (XDR) that includes next generation antivirus (NGAV).

  3. Patching critical system vulnerabilities in a timely manner.

  4. Using vulnerability scanning agents to identify and remediate endpoint vulnerabilities (i.e., as a feedback mechanism into the enterprise patching process).

  5. Creating and continuously testing a cybersecurity incident response plan.

Although the following five controls are not always necessary to acquire a policy, they are still important for reducing your premiums and setting your organization to be in an optimal position in the event of a cyber incident:

  1. Adopt an information security policy.

  2. Implement and use an email security gateway.

  3. Backup critical data to an air-gapped location and encrypt backups.

  4. Conduct employee security awareness training and phishing simulations.

  5. Enable logging for all systems, software, and perimeter devices.

This way, in the event of a cyber incident, the potential damage to the organization can be reduced, your organization and the insurance provider can determine what happened, what has been impacted by the incident, and whether reasonable and appropriate controls were in place to prevent the incident.

If you need assistance implementing these controls or reducing your cyber liability premiums, Fastrics is here to help. Contact us directly to discuss how we can help support your organization.

61 views0 comments


bottom of page