How a Strong Cybersecurity Foundation Can Protect Your Business

At insurance.com.au, we understand that navigating cyber risk can be complex and confusing. That’s why we have compiled a practical checklist, along with 12 key cybersecurity controls to assist in strengthening your protection.

Robust cybersecurity isn’t just about protection, it’s also key to securing cyber insurance coverage.  

The Basics: Cybersecurity Checklist Every Business Should Follow

1. Strong Password Practices:

• Use unique, complex passwords for each account. 
• Update passwords regularly (every 3 to 6 months).
    

2. Device Security:

• Install and maintain antivirus and firewall software. 
• Keep systems and applications up to date. 
• Lock devices when they are not in use. 
   

3. Multi-Factor Authentication (MFA):

• Enable MFA for all online accounts, especially emails and cloud storage.
• Use email services that support MFA. 

4. Email Vigilance:

• Be wary of suspicious attachments or links.
• Conduct internal training and testing. 
• Confirm unusual requests (e.g., payment changes) via another communication channel. 
• Always verify identity of unknown senders. 

5. Secure Data Handling:

• Encrypt sensitive data.
• Regularly back up to secure external or cloud locations. 
• Delete local copy that is not required, especially those containing personal information. 
• Scan all external storage devices before use. 

6. Network and Remote Access:

• Use secure remote access methods, such as a VPN or RD Gateway. 
• Review access permissions regularly and restrict access to unnecessary users. 

7. Cybersecurity Training:

• Educate employees on identifying phishing and social engineering attacks.

8. Vetting Third Parties:

• Ensure vendors and partners follow strict cybersecurity protocols.

The 12 Key Cyber Controls That Insurers Want to See

To qualify for a cyber insurance policy, especially at a competitive rate, underwriters often require businesses to implement the following 12 critical controls.

1. Multifactor Authentication (MFA):

• Essential for reducing password related breaches.

2. Endpoint Detection and Response (EDR):

• Uses AI to detect and isolate threats in real time.

3. Immutable, Isolated Backups:

• Prevents ransomware from encrypting or deleting backup data.

4. Network Access Controls: 

• Apply least-privilege principles using IAM and PAM tools.

5. Content Filtering:

• Blocks malware and filters unsafe web and email content.

6. Patch Management:

• Regular software updates to fix vulnerabilities quickly.

7. Incident Response Plan:

• Clearly defined protocols for managing cyber events.

8. Employee Awareness Training: 

• Ensures staff can recognise and avoid common threats.

9. Secure Remote Access:

• Protects remote entry points with encryption and MFA.

10. Event Log Monitoring:

• Continuously reviews system logs for early threat detection.

11. Retire End-of-Life Systems:

• Replace outdated software and hardware promptly.

12. Supply Chain Risk Management:

• Evaluate and contractually require vendor security practices.

Ready for Cyber Insurance?

Meeting the listed cybersecurity standards may improve your eligibility and pricing for cyber insurance, subject to the insurer’s assessment criteria. As the threat landscape evolves, insurers are tightening their requirements, and being prepared is the best way to stay ahead.

If you are looking to explore cyber insurance options, reach out to our team via the details below!