Priority Areas for Cyber Liability Insurance

Cyber liability has quickly become one of the most dynamic insurance coverages in the marketplace. In addition to potentially sky-high insurance claims, the requirements to qualify are becoming more stringent.

Marsh advises its clients to consider twelve cyber controls to strengthen their cyber security. These include endpoint protection, disaster recovery, and a phishing-aware workforce, among many others.

While organizations seeking cyber liability insurance should be looking to meet all of the cyber controls, the following provides insight into some of the priority areas for insurers:

  • Multi-Factor Authentication (MFA) – required for remote access, remote email access, and when accessing privileged accounts (i.e., service and administrator accounts)
  • Protected Privileged Accounts – insurers are looking for organizations to keep their privileged accounts to a minimum, and to carefully manage their access across their network
  • Secured Endpoints – this is becoming ‘table stakes’ as it provides the capabilities to detect, contain, and respond to malicious activity on desktops and laptops
  • Patched Systems & Applications – updates and patches for critical systems should be applied within 24-72 hours to limit post zero-day (‘previously unknown vulnerabilities’) attacks

For many organizations, achieving a satisfactory level of compliance with these cyber security controls will come in partnership with a managed security services and/or solution provider. Operationally, internal IT teams will harden many of their existing functions and procedures while relying on an external party to perform many of the specialized functions and processes.

For more information on cyber security for municipalities and not-for-profits, please contact danb [at] (Dan Blackburn, Senior Director of Growth & Innovation)