What Cyber Insurance Underwriters Look For

As the number of cyber attacks against businesses continues to grow, insurers that provide cyber liability and other cyber-related coverage have started intensifying their scrutiny of their clients' databases and operational security.

When a business suffers a cyber attack it could result in fraudulent wire transfers or having its systems rendered frozen, which can be unlocked only by paying a ransom. Some companies will also have their intellectual property stolen in attacks.

But while these attacks grow in number and cost, cyber insurers are expecting their policyholders to do more to protect their data and systems.

CFC Underwriting, a global insurer, says there are six things its underwriters look for when pricing cyber insurance policies:

1. Close unused remote desktop protocol ports - RDP ports are for remote workers so they can access their office desktop and the company database from afar. CFC recommends that any unused RDP ports be closed, and the ones that are in use should be protected with a virtual private network and multi-factor authentication (MFA).

RDP ports are major vulnerabilities and CFC estimates that more than 50% of ransomware attacks that it sees occur thanks to open RDP ports. Close an RDP if it's not absolutely necessary.

2. Use multi-factor authentication - These days complex passwords are not enough to provide the security you need to protect your data. That means there should be another layer of security used to authenticate a user, such as a thumbprint or a unique code that is sent to their phone by text message and that they need to enter to proceed. This is common technology on many websites and apps today.

This can prevent brute-force attacks where criminals try multiple usernames and passwords in automated rapid succession to try to hack a system because, even if they get it right, they won't pass the second authentication. Typically, when they use this type of attack they can steal credentials and sell them on the dark web, which can in turn lead to them accessing financial accounts.

"For that reason, our cyber underwriters love when a business has MFA in use across all business email accounts and on other key business software too," CFC writes.

3. Have a data management strategy - Underwriters like to see that a company's data is stored and segregated properly, like splitting client records across multiple servers so that if one server is compromised not all the data is lost. That, in turn, can reduce the likelihood of a catastrophic loss.

If you're using a cloud service, it would be wise to ensure they have the proper authorized access controls in place and that they are running security checks on any third party vendors.

4. Run endpoint detection and response - Besides firewalls and antivirus software, cyber insurance underwriters also advise that businesses use endpoint detection and response (EDR) tools. These systems continuously monitor all devices connected to your network to make sure they are secure and have not been compromised.

This is important because an employee can be using a device that gets compromised by clicking on a malicious link on their smartphone, which can unleash an attack on the company's network.

An endpoint might be anything from an employee workstation and company server to a mobile phone.

5. Conduct regular and secure backups - Businesses need to do more than just back up their records and servers. What's important is what is done with that backup information. If you are backing up your servers and then storing that data on those same servers, it doesn't do you much good if your system is compromised.

Underwriters like to see that data is stored and segregated from the main network, and even stored offline in an offsite location. This will make recovery quick and easy if you suffer a ransomware attack.

6. Make risk management a priority - Cyber insurance underwriters will also look at:

• Any policies and procedures you have in place in terms of cyber risk management.
• If you have a key person in charge of these policies.
• And that the key person knows about the different kinds of data you are storing, and how it is stored.