Cybersecurity is a Necessary Journey, Not a Destination
There has been a significant shift in underwriting cyber liability insurance in the past three years, mostly driven by substantial claims. As the cyber liability market begins to stabilize from a pricing standpoint, the scrutiny on cybersecurity controls hasn’t lessened.
Underwriting standards continue to increase and evolve along with the cyber threat landscape. We’re also seeing an increase in privacy litigation matters, so safeguarding your data is critical for protecting your company’s reputation and balance sheet.
As insurance carriers focus on controls, cyber hygiene is crucial to securing cyber liability insurance coverage, and Multi-Factor Authentication (MFA) is essential. MFA is two authenticating factors to verify the identity of the user or the device. It could be something you know, such as a password; something you have, such as an authenticating application on your phone or hardware token; or something you are, such as a biometric identifier. Multi-factor authentication should be used for the following.
- All user accounts, including third parties, when accessing your network remotely, including through Remote-Desktop Protocol, Virtual Private Networks or similar access methods
- All domain administrator accounts, whether or not they are accessing our network remotely
- All remote access to web-based email (e.g., Outlook Web App, Gmail, etc.)
- All other core applications
If you do not have MFA in place, options for coverage will be limited or non-existent. MFA takes time to implement, so if you do not have this control in place, take action immediately.
Here are some questions to ask your IT team to ensure you’re on the path to cybersecurity.
- Do we require additional training for employees who fail phishing email simulations?
- Have we phased out end-of-life or end-of-support software?
- Do we filter emails for malicious content or links?
- Are our backups encrypted, immutable and protected with MFA?
- Do we use Endpoint Detection and Response (EDR) and Intrusion Detection tools from a leading provider? Does this extend to our cloud network?
If you answered “no” to any of the questions above, then we should discuss the impact of your cyber liability terms. You work hard to make your business successful, make sure you protect it. Oswald is here to help, and we have resources that can support you in creating a roadmap for changes.
Check out this roadmap to prepare your company for cyber renewal.
Complete an online cyber risk assessment here.
For more information, visit our Cyber Risk page or contact:
Note: This communication is for informational purposes only, and is not intended to offer legal, tax, or client-specific risk management advice. Information in this communication is not meant to describe specific coverages that may be advisable or available to you or your company, or to interpret specific coverages that may already be in place. General insurance descriptions in this communication do not include complete insurance policy definitions, terms, and/or conditions, and should not be relied on for coverage interpretation. Actual insurance policies must always be consulted for full coverage details and analysis. View our privacy notice.