Search Google for “Best Security Controls for Cyber Insurance,” and you will find countless lists of present and upcoming requirements for cyber insurance. But what do we make of these requirements and their ability to: a) align with top-tier carrier expectations and b) actively mitigate risk?
The cybersecurity insurance market is in flux as demand soars, payouts skyrocket, and providers lower coverage, raise premiums or opt out of the cyber insurance game entirely. The current market shows no signs of stopping as global growth is expected to increase from $7.60 billion USD in 2021 20.43 billion USD by 2027, but still leaves clients asking:
- Does my business even need cyber insurance?
- Do the costs outweigh the benefits at this point?
- Will my business qualify?
In this blog, we dive into some security controls that meet carrier expectations and mitigate risk.
1. Begin to map your clients against required and soon-to-be-required controls. There seem to be some obvious best practices already in place, like MFA (multi-factor authentication). But take a deeper look at what MFA means for your clients – it means that your clients will need to, at minimum
- Require MFA for externally exposed applications
- Require MFA for remote network access
- Require MFA for administrative access
- Assumptions: Establish and Maintain Software Inventory
- Assumptions: Utilize Automated Software Inventory Tools
- Assumptions: Allowlist Authorized Software
- Assumptions: Require Unique Accounts
2. Another vital area for cyber insurance falls under backups and segmentation. For each client:
- Establish and Maintain a Data Recovery Process
- Perform Automated Backups
- Protect Recovery Data
- Establish and Maintain an Isolated Instance of Recovery Data
- Test Recovery Data
Without going much further, you understand all too well the importance of protecting data – clients have data, and criminals want that data.
Cybersecurity Training & Education
3. Begin an education program around cybersecurity best practices. Most SMBs simply do not understand vulnerabilities or take the position of ‘it will never happen to my business.’ For example, ask your clients this question: “If you got hit with a cyber breach, what do you think it might cost?” You might be shocked at the low numbers a client will reply with. They need education – understanding what phishing emails are is a good place to start . They don’t know just how damaging a cyber attack can be.
With human error as a leading cause for breaches, MSPs have the expertise to go further and train their clients on the following:
- Recognize Social Engineering Attacks
- Authentication Best Practices
- Data Handling Best Practices
- Causes of Unintentional Data Exposure
- Recognizing and Reporting Security Incidents
- How to Identify and Report if Their Enterprise Assets are Missing Security Updates
- Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks
- Conduct Role-Specific Security Awareness and Skills Training
FifthWall Solutions recognizes across industries the consistency of core security controls most carriers require. To learn more, jump over to this blog, “Best Practices that Lead to Cyber Insurance.”
Building Cyber Insurance into Client Processes
As an MSP, you will continue to build cyber insurance into your client processes. It does not need to be overnight, but you should implement actionable steps. Consider these next five key points as critical to the cyber insurance process:
- Offer free policy reviews with your insurance partner
- Get in front of policy review/application 60 – 90 days in advance
- Consider hosting a cyber insurance event with an insurance expert like FifthWall Solutions
- Consider offering cyber insurance alignment in your security assessments
- Consider creating SEO and a marketing plan around cyber insurance
FifthWall Solutions helps MSPs with the next steps. We’ll always review a policy for anyone for free. We’re wide open to MSP and client-facing webinars, and we educate about the state of cyber insurance and how you, as a vendor, help address insurance requirements.
Find out exactly where your business stands and partner with us today.
Learn more at fifthwallsolutions.com/msp