Cyber Insurance checklist

Download here

Cyber insurance – 6 thoughts that pay off


BARAMUNDI CHECKLISTS provide concise, step-by-step expert advice for handling common IT challenges in a straightforward way. You can find more checklists here.

The field of cyber insurance is still relatively uncharted territory for underwriters and policyholders. With few established guidelines or
requirements to follow, companies seeking or updating coverage should consider these 6 points:

1. No binding standards


Insurance companies are currently orienting themselves, e.g., to the standards of the NIST Cybersecurity Framework (National Institute of Standards and Technology) and ISO/IEC 27001. The insurance company primarily wants to know: Does the company have its IT under control?

2. Inventory and reporting


An accurate and current inventory of all network devices is the essential starting point for identifying and assessing existing cybersecurity risks. Regular reporting provides the basis for establishing and maintaining coverage.

3. Take responsibility


Duty of care is key. This includes documenting practices for closing known vulnerabilities, regularly creating and testing backups, and other factors. 

4. Legacy systems


Many insurance policies exclude damage caused by continued operation of legacy systems. This mainly affects industrial and manufacturing companies who must implement appropriate measures to protect older systems from malicious actors. 

5. Raise awareness


Policyholders are responsible for training employees how to recognize and respond correctly to cyber threats. Most insurance companies reward or require recurrent  cybersecurity awareness training.

6. Coverage expectations


Even in the event of an incident, the amount paid out rarely covers the entire loss. In most cases, 10 percent is reserved for the deployment of an incident response team to ensure rapid remediation and recovery after a major incident. Moreover, investing resources in prevention pays off better in case of doubt than relying solely on a policy.

In short: Even with few standards established, insured companies are typically required to document IT risk management practices. The baramundi Management Suite is a comprehensive UEM solution that can increase cybersecurity and help companies obtain optimal insurance protection.

The practical checklist always at hand?