About this program
Most cyber-insurance applications now ask the same 30 questions. Pre-empt them and avoid claim disputes.
Risks addressed
- Critical: Claim denied because an attested control was missing
- Medium: Premium spikes because weak controls were reported
- High: No incident playbook for insurer notification
Controls (7)
- Critical: MFA on email, VPN, admin, RDP
How to test + evidence
Testing procedure: Insurer Q: is MFA on every entry path? Yes / partial / no.
Evidence to collect: MFA coverage evidence.
- Critical: EDR on all endpoints + servers
How to test + evidence
Testing procedure: EDR roster matches asset inventory.
Evidence to collect: EDR coverage.
- Critical: Offline / immutable backups + quarterly restore test
How to test + evidence
Testing procedure: Backup immutability + most recent restore test.
Evidence to collect: Backup config + restore test.
- High: Patching SLAs documented + met
How to test + evidence
Testing procedure: Critical patched <=7 days, high <=14 days, with evidence.
Evidence to collect: Patch compliance dashboard.
- High: Email security: SPF + DKIM + DMARC + ATP
How to test + evidence
Testing procedure: Email gateway + DMARC at p=quarantine or stricter.
Evidence to collect: DNS + gateway config.
- High: IR plan + tabletop within last 12 months
How to test + evidence
Testing procedure: Insurer Q: when did you last test? Show after-action report.
Evidence to collect: IR plan + tabletop AAR.
- High: Insurer notification timeline in IR plan
How to test + evidence
Testing procedure: Plan documents who calls insurer and when (typically within 72h).
Evidence to collect: IR plan extract.