Can this checklist help clients get cyber cover ready?

PSC Insurance Group (PSC or PSC Insurance) has teamed up with Somerville to provide organisations with a cyber insurance checklist that supports their requirements for tailored cyber insurance policies.

Somerville is an Atturra-owned company that has been delivering 40 years of service and value to customers across a wide variety of industries, including insurance, finance, education, legal, superannuation, and automotive.

“PSC is thrilled to have partnered with Somerville to provide a checklist, not only to further protect organisations, but also [to] open them up to the added support of an insurance policy,” said Tom Salter (pictured), account executive at PSC Insurance.

Somerville CEO Craig Somerville said: “Today, organisations are unlikely to get any insurance cover unless their existing cybersecurity is deemed to be sufficient by the insurer.

“This checklist helps to ensure that companies have appropriate tools in place that are constantly managed and regularly updated.”

Craig Somerville cautioned that cyber insurance “only works as a top-up to existing effective security measures”

“It is not a replacement and should not be regarded as an easy alternative,” he said.

Technology supporting cyber insurance policies

The IT cybersecurity checklist advises companies to consider the following security factors to support their cyber insurance policies:

• Encryption – it will reduce the chances of sensitive and personal data being misused following an attack;
• Multi-factor authentication (MFA) – deploying it is likely to be a requirement of many insurers because it can significantly reduce the chances of unauthorised parties gaining access to corporate IT resources;
• Endpoint protection – all endpoints on an organisation's network should be protected by using firewalls and antivirus software;
• Data backups – critical data must be regularly backed up to ensure that recovery is possible should an attack take place;
• Backup testing – data backups should be regularly tested to ensure that their integrity and confirm that they can restore core systems within the organisation;
• Email scanning – incoming email must be automatically scanned for malicious links and attachments to reduce the chances of cybercriminals gaining access to centralised systems;
• User training – regular security awareness training should be conducted for all employees and include clear explanations of the risks being faced and the steps employees can take to avoid falling victim to cyberattacks;
• Admin checks – organisations should have established procedures to verify requests for changes in customer and partner details;
• Financial checks – organisations must have rigorous checks in place when authorising any financial transactions; and
• Patch management – Organisations must have a patch management policy to ensure that all critical patches are installed as quickly as possible after their release.

“Staying ahead of constantly evolving cyber threats is one of the major challenges facing Australian businesses today. To mitigate this risk, it's crucial that businesses consistently develop, evolve, and improve their cybersecurity posture in today's fast-paced environment,” Salter said.

“Effectively managing cyber risks enhances an organisation's ability to avoid, respond to, and recover from cyberattacks. However, it is also imperative to demonstrate to insurers that your business has a robust risk management system in place to secure the most appropriate coverage that meets the needs of your business. With cyberattacks becoming increasingly sophisticated, insurers now demand increasing levels of risk management from businesses seeking coverage.”

PSC Insurance Group is one of the top 10 largest insurance companies in Australia for 2023, with a $1.73 billion market cap.