Cyber Insurance Assessment Readiness Checklist

The booming cyber insurance market is a reaction to the explosion of cyberattacks and data breaches in the last few years. In 2021, attacks increased 50%, much more than businesses or insurers expected or budgeted for. Given that most cyber incidents involve compromised credentials, it’s no wonder insurance companies are tightening requirements related to Privileged Access Management (PAM). Specifically, insurers are taking a close look at how well businesses follow PAM practices such as granular access control, Multi-Factor Authentication, and the principle of least privilege to protect privileged accounts and systems. While each insurer will have its own methodology to assess risk, the questions below are ones they’re likely to ask you. The questions are grouped according to the five key functions of the National Institute of Standards and Technology’s (NIST) cybersecurity framework (Identify, Protect, Detect, Respond, and Recover) and focus on reducing risk for the most common and vulnerable attack vector — privilege. The more completely you can answer these questions on the next few pages, the more likely you are to obtain a cyber insurance policy at a rate that reflects your risk.