How to Prepare for Cyber Insurance

How To Prepare for Cyber-Liability Insurance

Following up from the webinar, “Cyber Insurance 101: The Basics for Businesses“, we thought it’d be beneficial to provide a guide to help businesses prepare for a cyber-liability insurance policy. Just as traditional insurers take numerous factors into consideration (i.e. tobacco usage, living near a flood plain, driving record) cyber-insurance providers do the same with a business’ existing cybersecurity posture. Organizations that do more to mitigate risks are cheaper to insure, get better policies and pay more competitive rates. In order to receive a cost-effective premium, there are steps your business should take prior to enrolling in coverage.  Adopting these IT practices will lower your security risks and improve your organization’s insurability.

Security Training

1. Security Awareness Training

One of the first areas you need to address, but is often overlooked, are the personal vulnerabilities of your own staff.

Cybercrime often requires human action to be successful. Many cybersecurity incidents can be avoided entirely with by educating end users on proper behavior and “clicking” best practices.

The do’s and don’ts of proper cybersecurity training:

✔ DO extend training to everyone in your organization – not just leaders or IT staff.
❌ DON’T default to videos and classroom-style sessions that aren’t engaging.
✔ DO experiment with simulated email attacks, drills and tests.
❌ DON’T attempt to teach everything in one session.
✔ DO prioritize topics like password security, threat response and device security in separate sessions.
❌ DON’T assume one session is enough. Training should be ongoing!


2. Supportable Hardware/Software & Patch Management

Being proactive about keeping your hardware and software updated not only lowers the security risk to the organization, but also makes you easier to insure.

Many of the news-worthy cyber-attacks you’ve heard about recently targeted existing hardware and software vulnerabilities. Whether an outdated device or a program in need of updating, the security risk remains the same. Every day that a product is past its end-of-support date the riskier it becomes.

Implement a timeline to support , upgrade or replace devices and software to ensure they are supported by the manufacturer and receive up-to-date security patches.


Patch Management
Firewall & EDR Protection

3. Firewall, Anti-Virus, Endpoint Detection & Response (EDR)

No single technology can completely protect an organization from threats, however implementing a set of tools like firewall, anti-virus and EDR can help harden the security infrastructure against future attacks. 

Attackers utilize multiple tools for exploiting endpoints, likewise, organizations must have multiple tools that can be used to make up a complete endpoint security stack. The type of endpoint protection you get for your business will vary based on a few factors such as:

  • Type of threats
  • Size & scope of your technology infrastructure
  • Budget


4. Multi-Factor Authentication (MFA)

“MFA protects against 99% of attacks.” – Microsoft

The first and most easily implemented solution is to ensure that staff is using multi-factor authentication (MFA), via practices such as “two-step authentication” on tools that they access on a daily basis.  80% of data breaches are caused by stolen or lost credentials. Use MFA to add a constantly changing code that makes it much harder to break into an account.
Multi-Factor Authentication

Want to save your business in 30 minutes? Check out our “Cyber Insurance 101: The Basics for Businesses” Webinar!

Cyber-liability insurance covers the cost for a business to recover from a data breach or cyberattack. It also covers legal claims resulting from the breach.  Any business that stores sensitive data in the cloud or on an electronic device should have cyber-liability insurance.

Watch the webinar record to learn the basics of cyber insurance and how it helps bolster your business’ cybersecurity preparedness when combined with risk management. 


One Partner. Complete Solutions. Better Results.

Learn More: