We guide our clients to the best protections and price available.
Being approved for Cyber Liability Insurance is not a foregone conclusion. Cornerstone’s expertise is a huge help in this process.
- The cyber liability insurance market in general is in upheaval. There is added scrutiny for collection risks due to the nature of the accounts and high number of records.
- Applicants using Microsoft Exchange Servers, SolarWinds or SonicWall hardware may be declined unless they have taken specific remediation steps.
- Underwriters will look for an excuse to decline quoting. Don’t give them a good reason!
Key Security Requirements/Investments – Before you apply
Multi-Factor Authentication
Required for all risks. MFA needs to be implemented for (1) remote network access, (2) email access and (3) administrator access.
Reduce Your Record Count
Purge old stored records that are no longer needed and reduce your exposure in the event of a breach.
Dual Control
Use dual control for wire transfers in excess of $25,000. This involves a secondary means of communication to validate the authenticity of funds transfers (ACH, wire, etc.).
Remote Desktop Protocol (RDP)
Over 60% of claims result from unauthorized access via an exposed log-in panel. Do not leave these capabilities active unless required, and never leave RDP exposed to the internet.
Patching
Patch management is the process of distributing and applying updates to software. These patches are often necessary to correct errors in the software. Insurers want to see a robust patch management strategy.
Training
Employees are still the weakest link in any security defense, and human error remains the biggest challenge to overcome. Create an incident response plan and implement formal training for employees on security awareness.
Build a Stronger Backup Strategy
Purchase a backup solution that uses a separate non-domain account with MFA. Retain multiple copies of data, keep one offsite, and monitor backups for suspicious activity.
Endpoint Detection & Response (EDR)
Software installed on all endpoints automatically monitors and collects activity data that could indicate a known threat.
This list is not comprehensive, but it includes some important steps that can help improve your cyber liability options at renewal.
Let’s get started.