Somerville, one of Australia's end-to-end technology service providers, has announced it has partnered with diversified insurance services group, PSC Insurance, to provide organisations with a cyber insurance checklist in support of their requirements for tailored cyber insurance policies.
As the cyber threat landscape constantly evolves and growing numbers of businesses fall victim to attacks, the need for cyber insurance has never been higher. Cyber insurance policies are designed to assist organisations in coping with the disruption and cost of an attack, including the loss of data, ransomware attacks and the reputational damage caused by an attack. In addition, some policies extend further and assist with privacy liability, media liability, regulatory proceedings, and fallout from supply-chain attacks.
“Staying ahead of constantly evolving cyber threats is one of the major challenges facing Australian businesses. To mitigate this risk, it's crucial that businesses consistently develop, evolve, and improve their cybersecurity posture in today's fast-paced environment,” says Tom Salter, account executive at PSC Insurance.
“Effectively managing cyber risks enhances an organisation’s ability to avoid, respond to, and recover from cyber-attacks. However, it is also imperative to demonstrate to insurers that your business has a robust risk management system in place to secure the most appropriate coverage that meets the needs of your business. With cyber-attacks becoming increasingly sophisticated, insurers now demand increasing levels of risk management from businesses seeking coverage.”
“PSC is thrilled to have partnered with Somerville to provide a checklist, not only to further protect organisations, but also open them up to the added support of an insurance policy.”
While purchasing cyber insurance may be challenging, Somerville has worked with PSC Insurance to develop an IT cybersecurity checklist that advises companies to consider several security factors supporting their cyber insurance policies.
“It is important to ensure that all sensitive and personal data is encrypted both at rest and in transit. This will reduce the chances of it being misused following an attack,” says Somerville.
“The deployment of Multi-factor Authentication (MFA) is likely to be a requirement of many insurers. This is because MFA can significantly reduce the chances of unauthorised parties gaining access to corporate IT resources.”
“All endpoints on an organisation’s network should be protected by the use of firewalls and antivirus software. It is also important that these tools are regularly updated.”
“All critical data needs to be regularly backed up to ensure recovery is possible should an attack take place. Backups should also be stored off-site and segregated from the main corporate environment.”
“Data backups should also be regularly tested to ensure their integrity and confirm that they are capable of restoring all core systems within the organisation.”
“All incoming email should be automatically scanned for malicious links and attachments. This will reduce the chances of a cybercriminal gaining access to centralised systems.”
“Regular security awareness training should be conducted for all staff. This should include clear explanations of the risks being faced and the steps staff can take to ward off attacks.”
“Organisations should also have in place established procedures to verify requests for changes in customer and partner details. This will ensure only legitimate requests are actioned.”
“Rigorous checks should also be in place when it comes to authorising any financial transactions. This could include the need for at least two parties to authorise all transactions over a set amount.”
“A patch management policy needs to be in place that ensures all critical patches are installed as quickly as possible after their release.”
Craig Somerville, chief executive officer of Somerville, further explains, "Organisations are unlikely to get any insurance cover unless their existing cybersecurity is deemed to be sufficient by the insurer. This checklist helps to ensure that companies have appropriate tools in place that are constantly managed and regularly updated. They can demonstrate evidence of staff education as well as the implementation of policies that reduce the chance of attacks occurring in the first place. At the end of the day, cyber insurance only works as a top-up to existing effective security measures. It is not a replacement and should not be regarded as an easy alternative."