Our Cyber partner Beazley recently hosted a webinar on cyber insurance during which they discussed their requirements and ‘red lines’ for writing this class of business.

Open/Visible Ports

As part of their underwriting approach/risk management, Beazley carries out a non-invasive system scan in order to identify any vulnerabilities. This scan produces results that are divided into red, amber and green categories. Green results are acceptable to insurers. Amber results are also generally accepted and do not normally prevent the risk from being bound but insurers strongly recommend that they are addressed. In some cases, insurers may make this a condition of cover. However, red results arise most frequently due to ports 3389/5900 and/or 135/445 being open and visible.

Prior to seeking a quote for cyber cover or renewing an existing policy, we therefore strongly recommend that you ensure the above ports are closed unless there is a vital reason for them to remain open. If that is the case, insurers will need to see a compelling reason for this and you will need to demonstrate that you have compensatory controls in place to prevent unauthorized access.

Underwriting Requirements

Insurers also set out a series of requirements for all cyber policies for clients above £20m in revenue.

EMAIL SECURITY

 Phishing training for all employees

 MFA in place for all remote access to the network

INTERNAL SECURITY

Endpoint Protection Product (EPP) in place

 MFA in place for all privileged user accounts at all times, remotely and on-premises

 Critical patches to be installed in short timelines

 End of life software, if present, to be segregated from the rest of the network

BACK-UP AND RECOVERY POLICIES

Backups to be encrypted

 Backups to be offline/in a cloud service designed for this purpose

When seeking to take out cyber cover, or renewing an existing policy, insurers will require positive responses to all of the above before being able to consider terms.