MPR Underwriting
MPR Underwriting
  • About
  • Team
  • Products
  • Insights
  • Resources
  • Contact
  • About
  • Team
  • Products
  • Insights
  • Resources
  • Contact
  • Linked in
  • Twitter
  • Data protection and privacy notice
  • Cookie Policy

Keeping your Cyber Insurer Happy

  • Home
  • Insights
  • Keeping your Cyber Insurer Happy

Factsheet

Cyber

    Risk mitigation is a key compliment to any quality insurance solution, and cyber is no different. A combination of a rise in the severity of claims (particularly ransomware) and hardening market conditions has focussed attention on simple yet effective measures that insurers will look for as minimum requirements:

    1. MFA/2FA

    Multifactor Authentication or Two-Factor Authentication is where the user is prompted for an additional form of identification as part of the sign-in process.

    Trusted devices are considered one form of authentication (as they are not easily duplicated) and a 2nd method is as simple as a password/PIN or biometric.

    MFA and 2FA are essentially the same thing – although MFA allows additional layers of authentication if required.

    2. Back-ups

    A basic method to minimise ransomware attacks is to back up systems and data regularly.

    However, it is not much use if they are on the same system, so they need to be separate and isolated from the network.

    Preferably, the back-ups should also be protected with encryption.

    It is even better if organisations can demonstrate that there has also been a test for full restoration and recovery (of systems and data) within the previous year.

    3. Remote Access

    Even before Covid-19, many organisations allowed employees to access their network remotely. That trend has clearly risen sharply (along with the exposures) and looks set to remain, which is a concern for insurers.

    Basic controls would include MFA/2FA for remote access as well as restricting access to sensitive data.

    A VPN (Virtual Private Network) is also a highly recommended method of protection against publicly exposed remote access services.

    4. Email Protection

    Email is one of the main vulnerabilities of any organisation. Again, simple solutions can offer additional protection.

    Utilising SPF (Sender Policy Framework) on inbound emails ensures the validity of the sender has been verified. Pre-scanning emails for malicious attachments is another basic tool.

    Incorporating MFA/2FA on email systems ensures the organisation has increased protection against BEC (Business Email Compromise), which is a dominant feature of many successful access attempts.

    5. Training

    Education remains a key component in risk mitigation as ‘bad-actors’ continue to rely on employees making mistakes. Staff can often be the biggest vulnerability.

    In a busy (and more remote) workforce these mistakes can easily happen, but the implications can be devastating.

    A fully implemented training program for all employees (including identifying phishing scams) is ideal. But even basic training (such as free modules available from the National Cyber Security Centre) is useful and very easy to implement – NCSC Staff Training

    Download PDF

    Tim Jones

    Written by

    Tim Jones

    Factsheet

    Five answers to cyber
    insurance doubts

    During the many conversations around the challenges of selling cyber insurance, some common themes emerge, but these are often easily answered.

    Factsheet

    Five overlooked features
    of cyber insurance

    With a multitude of cyber insurance products available in the UK a lot of work has been carried out on policy comparisons, but there are some product characteristics that are often overlooked or require further examination. Here are five key features and why they’re important.

    Factsheet

    Five reasons to act quickly
    during a cyber event

    Incident response providers have observed that a strong theme emerging, even where a cyber insurance policy in force, is poor escalation from the discovery of the cyber event to the point at which the appropriate experts are engaged.

    10th Floor
    Chancery Place
    50 Brown Street
    Manchester
    M2 2JG

    0161 241 3550
    enquiries@mprunderwriting.com

    • About
    • Team
    • Our Products
    • Insights
    • Resources
    • Contact
    • Data protection and privacy notice
    • Cookie Policy
    • Linked in
    • Twitter
    MPR are Chartered Insurance Underwriting Agents

    MPR Underwriting Limited is a company incorporated in England and Wales. Registered Address: 10th Floor, Chancery Place, 50 Brown Street, Manchester, M2 2JG. Company Number: 10529758. Authorised and regulated by the Financial Conduct Authority.

    Privacy Policy and Cookie Information

    We use a small number of cookies on this website to make the website as useful as possible. None of these cookies collect any personal information. To find out more about these cookies and how to control their use, see our Read More.

    Close