
Cyber insurance claims

September 20, 2024


Cyber insurers hold a wealth of claims data that can be mined for invaluable lessons in risk prevention. Below we set out the fact patterns insurers cite most frequently when recounting what has led to claim payouts on cyber insurance policies.

Typically, claims start with:

  • Multifactor Authentication not being mandated for remote access
  • Vulnerability Management (patching) not keeping up
  • Vulnerable Services exposed to the internet

Factors contributing to a larger blast surface:

  • Privileged Access Management is weak
  • Lack of next-generation antivirus / Endpoint Detection and Response (EDR) capability
  • Lack of Detection & Monitoring capability in place (No SIEM / SOC)
  • Local Administrator accounts spread widely

Reviewing the common fact patterns, we have worked with insurers to collate the cybersecurity controls they recommend prioritising to minimize the risk of compromise:

  • Remote Connectivity – Virtual Private Network (VPN), Virtual Desktop Infrastructure (VDI), Windows RDP, SMB
    • Enable multifactor authentication (MFA) for all remote connections
    • Do not expose vulnerable remote connection services to the Internet
  • Protect Privileged Access – conduct regular reviews of privileged access
    • Separate privileged access from standard access
    • Implement MFA for all privileged access
    • Restrict local admin authority on workstations
    • Log, track, and manage all privileged access activity
    • Follow Microsoft’s tiered approach for domain admin authority and service accounts
    • Restrict the reach of highly privileged service accounts, rotate their passwords, use long passwords (25 characters or longer), and disable interactive logon
  • Endpoint Protection – limit and monitor behavior/use on endpoints
    • Deploy Endpoint Detection and Response (EDR) to 100% of endpoints
    • Deploy critical patches within 24-72 hours 95% of the time
  • Reduce the human factor – one wrong click can undo everything
    • Actively train and phish employees
    • Flag external emails and use email filtering

Companies today need to prioritise cybersecurity spending. However, having a one-dimensional risk management strategy solely focused on risk mitigation or solely relying on an outsourced security solution as your guarantee against cyber events impacting your business is risky and short-sighted. Setting up a cyber insurance policy adds vital financial protection and incident response expertise and services, to be crisis-ready.
