Cyber 27 Jun 2025

How a Strong Cybersecurity Foundation Can Protect Your Business

In today’s digital-first world, cyber risk is not a distant threat, but a close reality. With ransomware, phishing attacks and data breaches on the rise, businesses of all sizes need to be proactive with cybersecurity.

At insurance.com.au, we understand that navigating cyber risk can be complex and confusing. That’s why we have compiled a practical checklist, along with 12 key cybersecurity controls to assist in strengthening your protection.


Robust cybersecurity isn’t just about protection; it’s also key to securing cyber insurance coverage.


The Basics: Cybersecurity Checklist Every Business Should Follow

1. Strong Password Practices:

  • Use unique, complex passwords for each account. 
  • Update passwords regularly (every 3 to 6 months).
      

2. Device Security:

  • Install and maintain antivirus and firewall software. 
  • Keep systems and applications up to date. 
  • Lock devices when they are not in use. 
     

3. Multi-Factor Authentication (MFA):

  • Enable MFA for all online accounts, especially emails and cloud storage.
  • Use email services that support MFA. 

 

4. Email Vigilance:

  • Be wary of suspicious attachments or links.
  • Conduct internal training and testing. 
  • Confirm unusual requests (e.g., payment changes) via another communication channel. 
  • Always verify the identity of unknown senders.

 

5. Secure Data Handling:

  • Encrypt sensitive data.
  • Regularly back up to secure external or cloud locations. 
  • Delete local copies that are not required, especially those containing personal information.
  • Scan all external storage devices before use. 

 

6. Network and Remote Access:

  • Use secure remote access methods, such as a VPN or RD Gateway. 
  • Review access permissions regularly and remove access for users who do not need it.


7. Cybersecurity Training:

  • Educate employees on identifying phishing and social engineering attacks.

 

8. Vetting Third Parties:

  • Ensure vendors and partners follow strict cybersecurity protocols.

 


The 12 Key Cyber Controls That Insurers Want to See

To qualify for a cyber insurance policy, especially at a competitive rate, underwriters often require businesses to implement the following 12 critical controls.


1. Multifactor Authentication (MFA):

  • Essential for reducing password-related breaches.


2. Endpoint Detection and Response (EDR):

  • Uses AI to detect and isolate threats in real time.


3. Immutable, Isolated Backups:

  • Prevents ransomware from encrypting or deleting backup data.


4. Network Access Controls: 

  • Apply least-privilege principles using IAM and PAM tools.


5. Content Filtering:

  • Blocks malware and filters unsafe web and email content.


6. Patch Management:

  • Regular software updates to fix vulnerabilities quickly.


7. Incident Response Plan:

  • Clearly defined protocols for managing cyber events.


8. Employee Awareness Training: 

  • Ensures staff can recognise and avoid common threats.


9. Secure Remote Access:

  • Protects remote entry points with encryption and MFA.


10. Event Log Monitoring:

  • Continuously reviews system logs for early threat detection.


11. Retire End-of-Life Systems:

  • Replace outdated software and hardware promptly.


12. Supply Chain Risk Management:

  • Evaluate and contractually require vendor security practices.

 

Ready for Cyber Insurance?

Meeting the listed cybersecurity standards may improve your eligibility and pricing for cyber insurance, subject to the insurer’s assessment criteria. As the threat landscape evolves, insurers are tightening their requirements, and being prepared is the best way to stay ahead.


If you are looking to explore cyber insurance options, reach out to our team via the details below!  

Get in touch

Call us during business hours

Mon - Fri 8.30am - 7.00pm (AET)

Leave us a message

This article has been prepared by insurance.com.au Pty Ltd (insurance.com.au) ABN 27 163 909 073, an Authorised Representative (AR Number 443422) of Insurance House Pty Ltd ABN 33 006 500 072 AFSL 240954. A copy of insurance.com.au’s Financial Services Guide (FSG) is available here 


The information in this article is of a general nature and does not take into account your individual objectives, financial situation or needs. Before making a decision based on any of the information, you should consider whether it is appropriate to your particular circumstances. You should also obtain and consider the Product Disclosure Statement (PDS) and, where available, Target Market Determination (TMD) before making any decision to acquire a financial product.  


The information is current at the time of publication. While every effort has been made to verify the accuracy of the information, insurance.com.au, its officers, representatives, employees and agents disclaim all liability (except for any liability which by law cannot be excluded), for any error, inaccuracy in, or omission from the information contained in this material for any loss or damage suffered by any person directly or indirectly through relying on the information. 
