There has been a 273% increase in records exposed compared to last year. It makes sense that more organizations are pursuing cyber security insurance to minimize their cost impact.
Even insurance agencies themselves are enhancing their security postures for their firms. With their increased awareness of what security safeguards should be prioritized internally for insurance companies, this is also a good gauge for companies to note when seeking cyber insurance.
The Independent Insurance Agents & Brokers of America, Inc. (the Big “I”) Agents Council for Technology (ACT) offers its Agency Cyber Guide, which outlines 12 steps for cyber security compliance.
- Risk Assessment – Evaluation of the risks that could have a negative impact on an organization’s business operations, and of how to mitigate those risks through security controls. An ongoing risk management program provides continuous maintenance of and insight into your risk profile and how to enhance your security.
- Documented Security Policy – A company’s plan to continuously protect its data, network, information, and other assets.
- Incident Response Plan (IRP) – An organization’s approach to responding to a security breach, minimizing impact and recovery time while maintaining compliance requirements. Explore an ongoing program that gets in front of any potential cyber security threats or attacks. You can be response ready with an Incident Response Readiness as a Service (IRRaaS) program.
- Security Training and Monitoring – Regular training and review of employees who manage data or have physical or electronic access to an organization.
- Penetration Testing & Vulnerability Scanning – Ongoing testing of whether security controls are effective against vulnerabilities. Consider a Recurring Penetration Testing program to assess your safeguards throughout the year for a proactive security approach.
- Access Control Protocol – Ensuring only authorized parties have access to sensitive information.
- Documented Security Policy for Third-Party Service Providers – Policies and procedures on how third parties handle a client’s systems and information.
- Encryption of Non-Public Information – Encoding data so that it can be read only by the sender and the intended recipient.
- Designation of Chief Information Officer (CIO) or Executive
- Audit Trail – Step-by-step history of a process to confirm good internal controls.
- Multi-Factor Authentication (MFA) – Security system that requires more than one method of authentication to verify a user’s identity.
- Procedure for Disposal of Non-Public Information – Process for properly disposing of information and documents.
We can help you ensure your security policies and posture are reasonable and aligned when investing in cyber insurance. Let’s scope your needs.