Benchmarking cyber resilience through stronger controls
Source: Middle East Insurance Review | Jun 2023
Most organisations deploy at least five basic account monitoring and protection controls according to a new cyber resilience report.
Published by Airmic in association with Marsh, the seven page report Benchmarking your cyber resilience -how do you rank against your peers says insurers are increasingly selective about the risks they underwrite, amid increased cyber-attacks and related claims.
It says adopting cyber risk controls can be crucial in determining terms and pricing of the insurance cover and even whether coverage is secured at all.
Airmic CEO Julia Graham said, “Organisations that understand the drivers of cyber risk and opportunity in the context of main stakeholders and their sector will be better equipped to successfully navigate the complexities of the evolving cyber threat landscape.”
She said, “As with any risk, taking time to understand your cyber risk profile and how this compares to peers across a sector can reap material dividends.”
The report said that nine out of 10 clients deployed these five basic account monitoring and protection controls.
- Account monitoring: Accounts are disabled upon termination of an employee
- Protection capabilities: Incoming emails are filtered/scanned for malicious attachments and links
- Account monitoring: Minimum password requirements are in place
- Protection capabilities: Anti-malware solutions are installed on at least 75% of endpoints and are regularly updated
- Protection capabilities: Firewalls are configured to prevent unauthorised access and the firewall configurations are reviewed at least annually.
Ms Graham said, “Presenting your organisation to insurers in the best possible way, demonstrating knowledge and awareness of the relevant risks and controls, makes good business sense - and is more likely to achieve cyber insurance cover at a price you are prepared to pay.
“In turn, controls built on proactive, threat-led cyber security solutions and well-rehearsed and realistic crisis scenarios can prevent increasingly capable criminals from forcing your business into situations that are difficult to navigate.”
Many insurers have made the adoption of certain controls — mechanisms or processes to protect an organisation’s cyber vulnerabilities — a minimum requirement for securing any level of cyber insurance, let alone coverage with favourable pricing and terms. M