These Tough Questions Will Likely Be On Your Business’s Next Cyber Insurance Renewal

Once a year, most businesses face a renewal period for cyber insurance. We’re here to tell you: it’s time to tighten your security controls before your next renewal, and being less than truthful  risks invalidating your policy (read more) if an incident occurs. Let’s talk about why. 

In the past, purchasing cyber insurance has frequently been a way for big companies to fill in the gaps of their less than adequate security infrastructure. Given the current climate of ransomware in the United States (and worldwide), this won’t be a viable strategy any longer. Insurance companies are tightening their requirements for both renewing and initiating cyber insurance policies, for a good reason. 

In addition, prior to the current climate, some industries and companies received discounts due to low-risk profiles. Lately, ransomware has shown no mercy. All sectors and company sizes that use computers connected to the internet are targets, taking away the old pricing incentives when purchasing a cyber insurance policy. 

Here’s a sample from a 2021 Cyber Insurance policy questionnaire below.

1. Does your business use multi-factor authentication?
   1. Does your organization require all employees to use MFA when accessing email through a cloud-based service or through email?
   2. Is MFA required for all remote workers accessing the organization network, including employees, third-party service providers, and contractors?
   3. Is MFA required for all internal and remote admin access to network infrastructure components (i.e., routers, firewalls, switches)?
   4. Is MFA required for all internal and remote admin access to the organization’s endpoints and servers?
   5. If any, what applications are not using MFA in your organization?
2. Does your business have access controls?
   1. How many users have access to privileged accounts?
   2. What kind of telemetry does your organization have into the use of its privileged access credentials?
   3. What’s the process for off-boarding terminated employees? How many users are in the organization’s Domain Administrators group? How many service accounts are in the group?
   4. What type of log-ons does your organization use? 

If your organization is approaching cyber insurance renewal and has questions about what needs to be done before trying to renew, PK Tech is here to help. Get in touch with us here.