Companies that provide cyber insurance are becoming stricter with their policies as they scrutinize your ability to handle cyber incidents. You’ll likely need to meet a complex list of security practices to maintain coverage. Here are five of the most common requirements for cyber insurance:
1. Incident Response Plan (IRP): Insurers may require businesses to have a clearly outlined plan for addressing a cyber incident efficiently, to minimize damage. An IRP sets out the procedures and protocols your organization follows once a potential cyber incident has been detected.
2. Cyber security awareness training: Regularly scheduled employee training informs team members about the latest threats and reinforces how to spot potentially fraudulent and malicious activity. Because most breaches stem from human error (meaning they were likely preventable), this is a critical security practice.
3. Multi-Factor Authentication (MFA): MFA is a login security strategy in which an account user must provide a secondary method of verifying their identity in addition to a username and password. The common second factors, ranked by strength:
- Most secure: Biometric (face, fingerprint, etc)
- Second most secure: Authenticator app (Duo, Authy, Google, etc)
- Least secure: Text or email (most easily intercepted by cyber criminals).
4. Encryption: In its simplest form, encryption means storing information in a coded format so that only people who know the code can read it. The code is kept secret and known only to those with permission to read the information. This secret code is referred to as an "encryption key".
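The following added example (not code from the original article or from Birmingham Consulting) makes the "only people who know the code can read it" idea concrete using only Python's standard library: an encrypt-then-MAC construction with an HMAC-SHA256 keystream and an HMAC-SHA256 tag. The demo key is a constructed constant. It demonstrates the two properties an insurer's encryption requirement is really after, which the paragraph states only in words: the stored data reveals nothing without the key, and anyone who lacks the key (or who tampers with the stored data) is rejected rather than handed garbage. For production use, a vetted authenticated cipher such as AES-GCM from a maintained library is the right choice; this construction is here to show the mechanics, not to replace one.

```python
import hashlib
import hmac
import os

# Constructed demo key. In practice: os.urandom(32), stored in a secrets manager, never in code.
DEMO_KEY = bytes(range(32))


def _derive(key: bytes, purpose: bytes) -> bytes:
    """Derive a separate sub-key per purpose so the cipher and the tag never share a key."""
    return hmac.new(key, purpose, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a pseudorandom byte stream unique to (key, nonce)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Output layout: 16-byte nonce || ciphertext || 32-byte tag."""
    nonce = os.urandom(16)   # fresh per message, so identical records do not look identical at rest
    stream = _keystream(_derive(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_derive(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; a wrong key or modified data raises."""
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_derive(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified data")
    stream = _keystream(_derive(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def can_read(key: bytes, blob: bytes) -> bool:
    """True only for the holder of the correct key and an unmodified record."""
    try:
        decrypt(key, blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    record = b"customer: Jane Doe, card ending 4242"   # constructed sample record
    stored = encrypt(DEMO_KEY, record)
    print("plaintext visible in storage?:", record in stored)
    print("readable with the right key?:", can_read(DEMO_KEY, stored))
    print("readable with another key?:", can_read(bytes(32), stored))
```

Note the order of operations in `decrypt`: the tag is checked first and the ciphertext is only decoded once it passes, which is why a wrong key produces a clean error instead of silently returning nonsense.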
5. Disaster Recovery (DR) Plan: A formal document containing detailed instructions on how to respond to major unplanned, disruptive events. A DR plan goes one step further than an IRP: it outlines the steps an organization takes when potentially catastrophic events (like COVID) occur.
Insurance companies want to know what you are doing to prevent a cyber incident, and how prepared you are to contain one if it happens. Requirements for cyber insurance, often written in complex terminology, demand more robust information security controls than many businesses have in place. Birmingham Consulting’s Compliance-As-A-Service helps establish and maintain the controls you need to keep your coverage, as well as meet the industry regulations relevant to your business.
– Birmingham Consulting: Information Security. Like IT Should Be.