Getting cyber insurance used to be very easy for small and medium size companies. A few years ago, there was virtually very little or no serious underwriting activity and applications were just being accepted. With all the big breaches in the world and small companies constantly being hit (typically by ransomware), insurance companies are tightening up their underwriting requirements and appropriately pricing risk.
We often get requests from clients to assist with completing their cyber insurance applications. I always caution clients to be forthcoming with information. Insurance applications are legal documents, and it is fraud to provide false information. Additionally, if you provide false information on your application, there may be grounds for an insurance company to deny your claim. In the last few years, regardless of how the applications were answered, the client was always granted the insurance. I never saw any company denied coverage.
We are now starting to see applications asking for specific IT security and privacy controls. They are asking for details on products that are being used, and what third parties have access to the network, including outside support vendors. On a few applications we have seen specific required controls that must be implemented to be eligible for cyber insurance. The most common required control we see is the requirement for multi-factor authentication (MFA). Specifically, MFA is being required for the following:
- Web access to email.
- User remote access to network.
- Admin access to servers and workstations (no local admin permitted).
- Third parties including service providers.
- Network backup environment.
We suggest, as time and budget permits, every organization should be implementing MFA on as many systems as possible.
Quanexus IT Support Services for Dayton and Cincinnati
Request your free network assessment today. There is no hassle, or obligation.
If you would like more information, contact us here or call 937.885.7272.
Follow us on Facebook, Twitter and LinkedIn and stay up to date on by subscribing to our email list.