Blog / Some New Cyberinsurance Requirements
New cyberinsurance requirements mean getting coverage could be getting harder.
As TRINUS’s head of cybersecurity, I’m regularly helping clients fill out cybersinsurance applications, so I get to see all sorts of forms from plenty of different insurance companies. I also make it a point to stay informed about all the latest cybersecurity and insurance information. In fact, last newsletter I mentioned how overuse of the act of war escape clause in many insurance company’s policies was recently overturned by the courts, and mentioned some of the contributing events. Well shortly, I was tapped to help a client with their cyberinsurance renewal, but this time the insurance company sent along an additional document featuring two lists; one of requirements, and one of recommendations that would presumably reduce your payments and premiums.
I figured it would be useful to list some of the requisite cyberinsurance requirements, not just because they are good ideas but because it’s only a matter of time before others start the same thing. Some of those requirements are:
- Multi-Factor authentication
Not for everything, just for remote email access, remote network access and privileged user accounts.
- Regular user awareness-training
This should be done at least annually. Some examples for training topics included phishing and data protection training.
- Segregation of EoL/EoS software
While it’s nice to say that you’ll never use software that is no longer updated or supported, sometimes it’s necessary so just take reasonable precautions.
- Have up-to-date Disaster Recovery, Business Continuity, and Incident Response plans.
Simply having these plans isn’t good enough. They need to be up-to-date. The time frame could vary from provider to provider so make sure you check, but as a rule of thumb they should be reviewed annually.
These are just a few of the items that were listed as being required, less than half actually. and all of them have long been standard recommendations from the cybersecurity industry. That means, rather than viewing this as an additional burden, it’s actually a win from a security perspective; many recommended best practices are long overdue for becoming essential minimum standards, even if it’s happening thanks to courts and insurers rather than the market’s passion for security.
For this week’s Shakespearean quote I’ll pull a line from A Midsummer Night’s Dream; “Well, sir, learn to jest in good time; there’s a time for all things.”
If you’d like help applying for or complying with your cyberinsurance policy, contact one of our cybersecurity professionals and we’ll be happy to help you get some stress-free IT.
Be kind, courtesy your friendly neighbourhood cyberman.