Cyber insurance – 6 thoughts that pay off
CHECKLIST
BARAMUNDI CHECKLISTS provide concise, step-by-step expert advice for handling common IT challenges in a straightforward way.
The field of cyber insurance is still relatively uncharted territory for underwriters and policyholders. With few established guidelines or requirements to follow, companies seeking or updating coverage should consider these 6 points:
1. No binding standards
Insurance companies currently orient themselves on existing standards such as the NIST (National Institute of Standards and Technology) Cybersecurity Framework and ISO/IEC 27001. The insurance company primarily wants to know: does the company have its IT under control?
2. Inventory and reporting
An accurate and current inventory of all network devices is the essential starting point for identifying and assessing existing cybersecurity risks. Regular reporting provides the basis for establishing and maintaining coverage.
3. Take responsibility
Duty of care is key. This includes documenting practices for closing known vulnerabilities, regularly creating and testing backups, and other factors.
4. Legacy systems
Many insurance policies exclude damage caused by continued operation of legacy systems. This mainly affects industrial and manufacturing companies, which must implement appropriate measures to protect older systems from malicious actors.
5. Raise awareness
Policyholders are responsible for training employees to recognize and respond correctly to cyber threats. Most insurance companies reward or require recurrent cybersecurity awareness training.
6. Coverage expectations
Even in the event of an incident, the amount paid out rarely covers the entire loss. In most cases, 10 percent is reserved for the deployment of an incident response team to ensure rapid remediation and recovery after a major incident. Moreover, when in doubt, investing resources in prevention pays off better than relying solely on a policy.
In short: Even with few standards established, insured companies are typically required to document IT risk management practices. The baramundi Management Suite is a comprehensive UEM solution that can increase cybersecurity and help companies obtain optimal insurance protection.