17 New Cyber Liability Insurance Questions Your Provider Will Ask

Are you ready for this?

What steps will you have to take to acquire cyber liability insurance today?

We’ve received lots of requests from clients or prospects asking us to help populate their cyber liability insurance questionnaires. A few of the more important questions being asked are below.

E-MAIL SECURITY

1. Do you filter/scan incoming e-mails for malicious attachments and/or links?
2. Do you strictly enforce SPF on incoming e-mails?
   • Guideline: Sender Policy Framework (SPF) allows you to publish IP addresses which should be trusted for your domain.
3. Are external emails tagged to alert your organization’s employees that the email originated from outside the organization?
4. Does your cyber security awareness program include phishing training and testing?
   • If “Yes” to the above, howoften are phishing exercises conducted (e.g. monthly, quarterly, annually)?
5. Do you use Office 365 in your organization?
   • If “Yes” to the above:
     Do you use the o365 Advanced Threat Protection add-on?
     Do you enforce multi-factor authentication for all users of Office 365?

INTERNAL SECURITY

1. Do you use malware protection or endpoint detection and response (EDR) tools
   • Guideline: Common EDR tools include Carbon Black Cloud, Cisco AMP, Crowdstrike Falcon, Cylance, Endgame Endpoint Protection, Symantec EDR, Windows Defender.If “Yes” to the above, do you use an external service provider to monitor EDR tools?
2. Do you use multi factor authentication:
   • To protect privileged user accounts?
   • For remote access to your organization’s network?
3. Do you have a secure/hardened baseline configuration which is regularly reviewed and updated by someone with security expertise and/or in line with industry standards?
   • If “Yes” to the above, is this baseline configuration materially rolled out across servers, laptops, desktops and managed mobile devices?
4. Do you have established processes for rapidly applying critical security patches across servers, laptops, desktops and managed mobile devices?
5. Do you route all outbound web requests through a web proxy which monitors for and blocks potentially malicious content?
   • If “Yes” to the above, which Web Proxy Service do you use (e.g. Websense, Bluecoat)?

BACKUP AND RECOVERY POLICIES

1. Do you take regular (at least monthly) backups of key server configurations and data?
2. Are your backups encrypted?
3. Are your backups disconnected from and inaccessible through the organization’s network?
4. Do you test the successful restoration and recovery of key server configurations and data from backups?
5. Do you use credentials unique to backups that are stored separately from other user credentials?
6. Do you use a protective DNS service (e.g. Quad9, OpenDNS or the public sector PDNS)?

OTHER RANSOMWARE PREVENTION MEASURES

Please describe any additional steps your organization takes to detect and prevent ransomware attacks (e.g. segmentation of your network, additional software tools, external security services, etc.).

And then sign and print your name, title, company and date.

Don’t assume that you’re meeting these guidelines.  As a professional IT services provider we speak to countless well-meaning organizations that assume they are secure based on very flimsy to no evidence. 

For example:

• turning on Windows Update on all computers does NOT guarantee that updates are being applied. 
• Installing an anti-virus agent does not ensure that the agent continues to receive updates and function as designed.

DO NOT casually answer these questions with a yes, or you may find you have NO COVERAGE at all when you need to file a claim.

Questions? We can help!