Top 10 cybersecurity controls

Creating a strong cybersecurity profile begins with understanding where your security vulnerabilities exist and how you can eliminate those threats. Often your cyber insurance broker or carrier can help you get started by providing a list of controls they require. Here’s a list of common cybersecurity controls for obtaining cyber insurance; it is a good starting point helping you determine your cybersecurity profile and identify weaknesses.

1.  Multi-factor authentication
2.  Asset management
3.  Privileged account management
4.  Endpoint detection and response
5.  Third-party risk management
6.  Email filtering
7.  Patch management
8.  Incident response planning
9.  Logging and monitoring
10.  Staff training and education

It is not enough to simply have these controls in place. You need to make sure the controls are up to date and working properly. A recent court case underscored that simply having a control that was out of date and inadequate to meet todays cyberattacks is insufficient to collect on a cyber insurance policy.

One approach to ensure your security controls meet today’s threats is to have an independent, third- party compliance or consulting firm stress test your controls. Consultants who do independent verification can offer vendor-neutral recommendations on where your vulnerabilities lie and how you can remediate the problem to reduce your risk.