We all know that cyber breaches are EXPENSIVE. The average breach costs an Australian SME $250,000. That is why cyber insurance is crucial, whether your organisation is big or small.

Cyber insurance protects your business from the liabilities or costs incurred following a data breach. These costs might include the investigation into the breach, crisis communication, legal payments and refunds to customers where required. It works similarly to your health or car insurance – you apply for a certain level of cover, answer a list of questions, and then if you need to use it, you know that you won’t incur the total cost of the incident.

Recent industry changes

Cyber insurance has been available for around twenty years, and if we rewind to five or ten years ago, it was a very different industry. Back then, premiums and security requirements were lower, policy limits were higher, and more insurers were offering it in the market. However, with the dramatic increase in the number and financial cost of cyber-attacks, cyber insurance is now both essential and harder to procure.

Cyber insurance checklist

What cyber protection and controls do you need to qualify for cyber insurance? We have put together a comprehensive checklist to help you ensure that you can get the cover you need while knowing that you are doing your due diligence to protect your organisation.

  • Revenue

    • Annual revenue
    • Revenue by state or territory
  • Details of previous cyber incidents

    • Description and date of incidents
    • Financial impact
    • Mitigating steps to avoid future incidents
    • Any current risk factors that could give rise to a data breach or cyber incident
  • IT infrastructure and resourcing, including:

    • Managed service provider
    • Number of servers on your network
    • Number of desktops and laptops
    • Annual IT budget
    • Percentage spent on IT security
    • Any third-party technology partners for IT Infrastructure
  • Data storage and management

    • Data types
    • Data protection measures (access controls, encryption, network segmentation etc.)
    • Deletion of old records
    • Storage, frequency and testing of backups
    • Number of backup copies and how you prevent multiple copies from being impacted by the same event
    • Recovery time
  • Endpoint security

    • The Endpoint Protection and Endpoint Detection and Response (EDR) products you use on your network
    • How these products are monitored and managed
    • Whether they cover all endpoints on your network
  • Perimeter security

    • Next-generation firewalls in use
    • Frequency of vulnerability scanning of the network perimeter
    • Frequency of penetration testing of network architecture and whether a third party conducts this
    • Multi-factor authentication for remote access to your network
    • Methods to secure remote access to your network
  • Email security

    • Multi-factor authentication for remote access to company email accounts
    • Use of email filtering software
  • Network security

    • How you protect privileged user accounts
    • Whether non-IT users have local administrator rights on their computer
    • Use of a network monitoring solution to alert you to malicious/suspicious behaviour
    • Use of a Security Operations Centre (SOC)
    • Whether you have any end-of-life or end-of-support software
    • Patch management process to ensure critical patches are applied in a timely manner
    • Significant changes planned for your IT infrastructure
  • Staff training

    • Phishing testing
    • Responsible password practices
    • Cyber best practices
    • Cyber incident response preparedness
  • Additional controls that you use
  • Audit information
  • Procedures around intellectual property
  • Legal counsel relating to privacy policy, terms of use, terms of service and customer policies

If you are a Colton Computer Technologies Managed Services client, we can assist you with your cyber insurance application. Give the team a call on 02 6361 1116.