The 5 Most Common Questions Cyber Insurance Providers are Asking Businesses

What questions does your company need to be able to answer when applying for cyber insurance?

As the number of cyber-crimes increases year after year, cyber insurance is a growing need for organizations. A 2022 cyber readiness report from Hiscox indicated that nearly half of the global businesses surveyed had faced a cyber-attack within the past 12 months. This makes cyber-crime one of the most significant risks facing organizations today, and with this in mind, investing in a cyber insurance policy is vital.

To apply for cyber insurance, your organization will have to complete several forms that detail your company’s current security landscape. Whether you are filling them out for the first time or applying for a policy renewal, these forms can be overwhelming. To help businesses prepare for their cyber-insurance application, Blackink IT has compiled a list of some of the most common questions we see on these forms. Being able to not only answer these questions, but also implement these best practices if they’re not currently a part of your cybersecurity strategy, is essential to being approved for a policy. Here are five of the most common questions asked by cyber insurance companies:

1) Do you use Multi-Factor Authentication (MFA) to protect privileged user accounts?

MFA provides an additional layer of security to organizations and is the single most important step organizations can take to protect themselves from cyberattacks. In addition to privileged accounts, it is recommended to have MFA enabled on email, administrative accounts, remote access, and key line-of-business systems - especially ones that contain sensitive data.

2) Are your backups encrypted? Have you tested the successful restoration and recovery of key server configurations?

Ransomware attacks have become more prevalent and organized in the past few years. Attackers can exfiltrate and encrypt sensitive data from your company, and then demand a ransom for restoration. This stresses the need for organizations to perform encrypted backups on a regular basis, as well as test those backups to get an estimated time of restoration. Understanding your company’s time of restoration will help you calculate the cost of downtime associated with a potential ransomware attack.

3) Do you use an endpoint detection and response (EDR) product across your enterprise?

After gaining access, it is common for dangerous threat actors to remain “hidden” within a company’s network for weeks, months, or even years before they act – they use this time to gather valuable information and create a plan of attack. An EDR tool utilizes continuous monitoring and investigation of enterprise endpoints to help detect the irregular network activities that are common signs of dormant cyber criminals. Identifying these irregularities as soon as possible can significantly reduce the impact of a cyberattack.

4) Do you have regularly scheduled vulnerability scans? In what time frame do you install critical and high severity patches?

Cyber criminals are constantly looking for vulnerabilities in an organization’s infrastructure to exploit and gain access. As new technology is constantly introduced, developed, and adapted in today’s work environment, it is crucial to conduct consistent vulnerability scans on both internal and external assets. Once vulnerabilities are identified, it is equally important to patch them (prioritizing critical and high severity findings) to make sure all of your systems are up to date, and then to rescan the network to validate your remediation measures.
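The scan, patch, rescan loop above is easy to describe and easy to lose track of in practice. The script below is an added example, not Blackink IT's code or any scanner vendor's tooling: it compares a constructed pre-remediation scan export with a constructed rescan export, reports which findings were actually closed, which are new, and which critical or high findings are still open past a patch deadline. The CSV column names and the SLA windows (7 days for critical, 30 days for high) are assumed sample values, not figures from the article; adjust them to your own policy and scanner format.

```python
"""Validate remediation between two vulnerability scans and flag patch-SLA breaches.

Added example, not code from the original article. Assumes a minimal scanner
export with columns asset, finding_id, severity, first_seen (YYYY-MM-DD).
"""
import csv
import io
from datetime import date

# Assumed sample patch windows in days, by severity. Medium/low have no SLA here.
SLA_DAYS = {"critical": 7, "high": 30}

# Constructed sample data (not real scan output): the scan before patching...
BEFORE_SCAN = """asset,finding_id,severity,first_seen
web-01,10001,critical,2024-03-01
web-01,10002,high,2024-03-05
web-02,10003,medium,2024-02-20
db-01,10004,critical,2024-03-10
"""

# ...and the rescan after patching. 10001 is gone, 10004 is still open, 10005 is new.
AFTER_SCAN = """asset,finding_id,severity,first_seen
web-01,10002,high,2024-03-05
web-02,10003,medium,2024-02-20
db-01,10004,critical,2024-03-10
web-02,10005,high,2024-03-18
"""


def parse_scan(text):
    """Return {(asset, finding_id): {"severity": str, "first_seen": date}}."""
    findings = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["asset"], row["finding_id"])
        findings[key] = {
            "severity": row["severity"].strip().lower(),
            "first_seen": date.fromisoformat(row["first_seen"].strip()),
        }
    return findings


def remediation_report(before, after, as_of):
    """Diff two parsed scans and list open findings older than their SLA window."""
    remediated = sorted(k for k in before if k not in after)   # closed by patching
    new = sorted(k for k in after if k not in before)          # introduced since last scan
    overdue = []
    for key, finding in after.items():
        sla = SLA_DAYS.get(finding["severity"])
        if sla is None:
            continue  # no deadline defined for this severity
        age_days = (as_of - finding["first_seen"]).days
        if age_days > sla:
            overdue.append((key, finding["severity"], age_days, sla))
    return {"remediated": remediated, "new": new, "overdue": sorted(overdue)}


def check_remediation(before_text, after_text, as_of="2024-03-20"):
    """Convenience wrapper: raw exports in, report dict out. as_of is an ISO date."""
    return remediation_report(parse_scan(before_text), parse_scan(after_text),
                              date.fromisoformat(as_of))


if __name__ == "__main__":
    report = check_remediation(BEFORE_SCAN, AFTER_SCAN)
    for asset, fid in report["remediated"]:
        print(f"closed   {asset} finding {fid}")
    for asset, fid in report["new"]:
        print(f"new      {asset} finding {fid}")
    for (asset, fid), sev, age, sla in report["overdue"]:
        print(f"OVERDUE  {asset} finding {fid} ({sev}) open {age} days, SLA {sla}")
```

Run it against the two exports you already keep from a scan cycle; the "overdue" list is the concrete answer to the insurer's time-frame question, and an empty "remediated" list after a patch window is a sign that the rescan, not just the patching, needs attention.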

5) Are you conducting security awareness training on an ongoing basis that includes, but is not limited to, detection of social engineering, phishing, or other similar scams?

An organization can have the best security practices in place, but still fall victim to a cyber-attack if employees are not trained accordingly. The Center for Internet Security (CIS) states that “the actions of people play a critical part in the success or failure of an enterprise’s security program.” Human error is the leading cause of data breaches by a wide margin; however, the risk of human error can be significantly reduced through regular training, phishing exercises, and education about strong password use. It is the responsibility of the employer to educate employees on how to avoid targeted cyber-attacks and keep the company safe.

As your organization looks to apply for, or renew, a cyber insurance policy, it is highly likely that your provider will ask you variations of these five questions. It is important for you to be able to answer these questions to not only secure an insurance policy, but to understand your security environment. And if your answer to any of these questions is “no,” it is worth considering how you might begin implementing these best practices to keep your organization safe and productive.

Still curious about cyber-insurance applications and how to begin understanding your company’s current security posture? Feel free to contact the experts at Blackink IT.

By Deandra Rodricks, Security Specialist at Blackink IT

Resources:

https://www.hiscox.co.uk/cyberreadiness#