Specialty Insurance

Top 10 network security controls that most cyber insurance underwriters expect in order to offer you reasonable coverage.

These expectations differ by insurer, individual underwriter, organization size, industry, etc., and are subject to change over time.

MFA (privileged access, remote access, remote cloud-based apps/O365) and strong password controls protect an organization against phishing, social engineering and password brute-force attacks and help prevent logins from attackers exploiting weak or stolen credentials. For many cyber underwriters, this is the most important control.

Network segregation (separation of critical networks from the internet) and network segmentation (splitting larger networks into smaller segments) help reduce the risk and potential impact of ransomware attacks and will improve IT professionals’ auditing and alerting capabilities, which will assist in identifying cyber threats and responding to them.

A strong data backup strategy is typically part of a solid disaster recovery/business continuity plan.

Underwriters want to see daily data backups, backups stored in more than one location, restricted access rights to backup data, etc.

Disabling administrative privileges on endpoints improves security posture. An end user holding administrative rights on an endpoint for even a few minutes can lead to a catastrophic data breach if the endpoint is compromised.

Security awareness has never been more important. The threat environment is evolving rapidly. Regular and frequent employee training is a must in today’s environment.

EDR provides advanced measures for detecting threats and provides the ability to identify the origin of an attack as well as how it is spreading.

Anti-malware is a version of EDR — it scans your system for known malware such as trojans, worms, and ransomware, and upon detecting them, removes them. Underwriters look for both.

SPF plays an important role in email authentication. It helps prevent emails from unauthorized senders from hitting an employee’s inbox. Underwriters look for this defensive tool.

A dedicated SOC acts as the first line of defense against cyber threats. The analysis and threat hunting conducted by SOC teams help prevent attacks from occurring in the first place.

SOCs provide increased visibility and control over security systems, enabling the organization to stay ahead of potential attackers. Cyber underwriters view this as a key proactive approach to network security.

SIEM tools collect and aggregate log and event data to help identify and track breaches.

They are powerful systems that provide security professionals with insight into what is happening in their IT environment and help track relevant events that have happened in the past.

Assigning service accounts to built-in privileged groups, such as the local Administrators or Domain Admins group, can be risky. Underwriters want service accounts removed from Domain Admins groups.
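
One way to check the service-account control above before an underwriter asks, as an added example that is not part of the original page: a read-only PowerShell audit that lists Domain Admins members that look like service accounts. It assumes the RSAT ActiveDirectory module is installed; the naming pattern is a hypothetical convention to replace with your own, and the output is a list of candidates to review, not a verdict.

```powershell
# Added example: find likely service accounts in privileged AD groups.
# Read-only; needs the RSAT ActiveDirectory module and domain read access.
Import-Module ActiveDirectory

# 'Domain Admins' comes from the text above. The name pattern is an
# assumption (hypothetical convention); adjust it to your environment.
$PrivilegedGroups = @('Domain Admins')
$ServiceNameRegex = '^(svc|srv|service)[-_.]'

$findings = foreach ($group in $PrivilegedGroups) {
    # -Recursive expands nested groups, so indirect membership is reported too.
    foreach ($m in Get-ADGroupMember -Identity $group -Recursive) {
        # Managed service accounts are service accounts by definition.
        $isManaged = $m.objectClass -in 'msDS-GroupManagedServiceAccount',
                                        'msDS-ManagedServiceAccount'
        $spnCount = 0; $neverExpires = $false; $pwdLastSet = $null
        if ($m.objectClass -eq 'user') {
            $u = Get-ADUser -Identity $m.distinguishedName -Properties `
                ServicePrincipalName, PasswordNeverExpires, PasswordLastSet
            $spnCount     = $u.ServicePrincipalName.Count
            $neverExpires = $u.PasswordNeverExpires
            $pwdLastSet   = $u.PasswordLastSet
        }

        # Heuristics: each one is a common trait of a service account.
        $reasons = @()
        if ($isManaged)          { $reasons += 'managed service account' }
        if ($spnCount -gt 0)     { $reasons += "has $spnCount SPN(s)" }
        if ($m.SamAccountName -match $ServiceNameRegex) {
            $reasons += 'name matches service pattern'
        }
        if ($neverExpires)       { $reasons += 'password never expires' }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Group           = $group
                Account         = $m.SamAccountName
                Class           = $m.objectClass
                PasswordLastSet = $pwdLastSet
                Reasons         = $reasons -join '; '
            }
        }
    }
}

# Each row is a candidate to remove from the group or to justify in writing.
$findings | Sort-Object Group, Account | Format-Table -AutoSize -Wrap
```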