Cybersecurity insurance is no longer a “nice to have'' coverage option for businesses. Whether it’s to satisfy customers’ expectations, meet regulatory requirements or just sleep better at night, every business is investigating ways to maximize cybersecurity insurance coverage at an optimal rate.
As leading advisors/suppliers of cybersecurity solutions and services in the Bay Area, NuSpective has also made it our job to help customers strike the appropriate balance between coverage and cost when it comes to cybersecurity insurance. NuSpective does NOT sell cyber insurance, but we have a comprehensive understanding of what technology and process the insurers want to see in place to provide their best rate.
To help you prepare for a discussion with your current or prospective cyber insurance provider, we have put together a list of common information these companies will expect to see when calculating premiums and approving applications:
- Email Security: What security controls do you have in place for incoming email? This includes screening for malicious attachments and links, quarantine and sandboxing services, etc. Does your business have proper training in place to guard against employees falling victim to phishing and other malicious attacks?
- Identity and Access Management: Do you enforce MFA, allow remote access, provide password management software or utilize a Privileged Access Management (PAM) tool?
- Unsupported and End of Life Software: Do you have an up to date database, configuration management database (CMDB), and end of life/end of support software on your network?
- Security Products and Solutions: Do you utilize any security solutions including Endpoint Protection Platform (EPP), Endpoint Detection and Response (EDR), Managed Detection and Response (MDR), Security Information and Event Management Software (SIEM), or Application and Isolation and Containment? Or do you utilize a SOC, protected DNS or Firewall?
- Vulnerabilities and Scanning: Do you use a hardened baseline configuration across all devices? In the past two years, how often have you conducted a vulnerability scan or a penetration testing across your network?
- Backups and Resilience: Do you rely on a backup solution located on your corporate network or do you rely on a cloud-based service as your backup location? Do you maintain offline backups and how often do you perform a test restoration from these backups?
When NuSpective provides solutions and services to help fill these cyber protection voids, we are also helping contain your cyber insurance costs as an adjacent benefit.
If you have any questions or would like to discuss your cybersecurity needs, please don’t hesitate to contact us.