Top 9 Areas of Focus for Cyber Insurance Underwriters

Author: John Farley

As the pace of cyber attacks intensifies and massive cyber claim payouts continue, insureds that are unable to meet strict underwriting requirements can be subject to significant rate increases, and may even be unable to obtain cyber insurance coverage at all.

We've reviewed the most common underwriter questions asked during the insurance application process, and have highlighted the top nine areas of focus for underwriters—so you know what cyber security vulnerabilities to address in your organization, to obtain optimal cyber insurance coverage while minimizing rate increases.

1. Multi-factor authentication (MFA)

   Use MFA to immediately prevent most password-based attacks.

2. Insecure protocols (RDP)

   Inherently insecure protocols make you the most attractive target.

3. Employee training

   Employees are the first line of cyber defense.

4. Patch management

   Timely patching prevents most hacking attempts.

5. Endpoint detection & response (EDR)

   EDR is the new antivirus.

6. Privileged account management (PAM)

   If your network is breached, don't allow attackers to roam freely.

7. Backups

   If you get hit, be able to restore swiftly.

8. Incident response plan

   all else fails, have a good response plan.

9. Cyber ratings tools

   Monitor the cyber ratings tools used to underwrite your organization.

Where Does Your Organization Stand?

Anticipating and planning for underwriters' questions starts with knowing where your organization stands from a cyber security standpoint—and where improvements can be made. So, where do you start?

In light of increased underwriting scrutiny in the cyber insurance market, Gallagher's cyber team has created a propriety Cyber Security Controls Assessment to help organizations streamline the cyber application and renewal process. In taking this 5-minute assessment, your organization will receive:

• An overview of security controls and cyber security vulnerabilities that may exist within your organization.
• A customized report that captures and summarizes your survey responses.
• Actionable tools and resource to help build cyber resilience in your organization.

Going forward, the best strategy you can adopt is using data security controls to lead the best terms. By employing the latest cyber controls around your people, processes and technology, you can drive improvements in your cyber maturity and drive better a better result during your policy. Our cyber team is here to lead you through that process. Contact us to learn more.