How are you monitoring your security infrastructure 24/7/365? How much visibility do you have into what’s happening with your users and systems? What security controls are in place for remote access for users and third parties, and are you monitoring them?
If you’ve decided to procure cyber insurance (CI) to financially protect your organization in the event of a cyber-attack, these are the first questions your CI carrier will ask you. But it doesn’t end there. The CI industry has pretty much standardized on 12 key security controls that they will audit, and their assessment will ultimately decide the cost of your premium. The areas CI carriers want to ensure you have are:
- Multifactor Authentication (MFA) for remote access and admin/privileged controls
- Endpoint Detection and Response (EDR), MDR, or XDR
- Secured, encrypted, and tested backups
- Privileged Access Management
- Email filtering and web security
- Patch and vulnerability management
- Cyber incident response planning and testing
- Cybersecurity awareness training and phishing testing
- Hardening techniques, including Remote Desktop Protocol (RDP) mitigation
- Logging and monitoring/network protections
- End of life systems replaced or protected
- Vendor/digital supply chain risk management
In the early days of cyber insurance, you could just fill out a form and check the box that you have these controls. That is no longer the case. Now you must provide a narrative of the control and have an in-depth conversation around each one.
To get the best (lowest) possible premium, you need to self-audit to these key controls to make sure you comply with them. If not, you need to address them before you apply. The CI carrier will take this feedback to determine your premium which will increase or decrease depending on your proficiency in these areas.
Implementing and monitoring these controls can be daunting for an already overworked IT staff. That’s why many companies are turning to third party systems integrators and managed services companies like DynTek for a managed security services solution. We can help you take advantage of shared customer expertise and threat intelligence, provide 24x7x365 coverage, and scale and adapt to new threats while you focus on your primary business and core mission.
For more information on the evolving world of cyber insurance and ensuring you have the security profile in place to get the most affordable premium, contact DynTek for a Cyber Insurance Readiness Consultation.