BARAMUNDI CHECKLISTS provide concise, step-by-step expert advice for handling common IT challenges in a straightforward way.
For many underwriters, the field of cyber insurance is still relatively uncharted territory. With few generally applicable guidelines or requirements to follow, current and prospective policyholders should consider these points:
To date, there are no insurance industry standards for coverage, exclusions or network security requirements. For this reason, insurance companies are using the National Institute of Standards and Technology (NIST) Cybersecurity Framework and ISO/IEC 27001 as the basis for determining whether a company has its IT infrastructure under control.
An accurate and current inventory of all network devices is the essential starting point for identifying and assessing existing cybersecurity risks. Regular reporting provides the basis for establishing and maintaining coverage.
Duty of care is key. This includes documenting practices for closing known vulnerabilities, regularly creating and testing backups, and other factors.
Many insurance policies exclude damage caused by continued operation of legacy systems. This mainly affects industrial and manufacturing companies, which must implement appropriate measures to protect older systems from malicious actors.
Policyholders are responsible for training employees to recognize and respond correctly to cyber threats. Most insurance companies reward or require recurrent cybersecurity awareness training.
Even in the event of an incident, the amount paid out rarely covers the entire loss. In most cases, 10 percent is reserved for the deployment of an incident response team to ensure rapid remediation and recovery after a major incident. Moreover, when in doubt, investing resources in prevention pays off better than relying solely on a policy.
The baramundi Management Suite (bMS) modules Inventory, OT Inventory, Network Devices, Mobile Devices Premium, Vulnerability Scanner, OT Vulnerability Identification, Patch Management, Managed Software, Device Control, Defense Control and Personal Backup and Disaster Recovery provide all capabilities needed to support cyber insurance coverage.