Top 10 network security controls that most cyber insurance underwriters expect in order to offer you reasonable coverage.
They will differ based on insurer, individual underwriter, your organization size, industry, etc. and are subject to change over time.
MFA (privileged access, remote access, remote cloud-based apps/O365) and strong password controls protect an organization against phishing, social engineering and password brute-force attacks and help prevent logins from attackers exploiting weak or stolen credentials. For many cyber underwriters, this is the most important control.
Underwriters want to see daily data backups, backups stored in more than one location, access rights limited to data backups, etc.
Disabling administrative privileges on endpoints improves security posture. An administrative end-user on an endpoint for even a few minutes can lead to catastrophic data breaches if the endpoint is compromised.
Anti-malware is a version of EDR — it scans your system for known malware such as trojans, worms, and ransomware, and upon detecting them, removes them. Underwriters look for both.
SOCs provide increased visibility and control over security systems, enabling the organization to stay ahead of potential attackers. Cyber underwriters view this as a key proactive approach to network security.
They are powerful systems that provide security professionals with insight into what is happening in their IT environment and help track relevant events that have happened in the past.