The surge in cyberattacks and their devastating financial impact have made cyber insurance essential for many organisations. But as cyber claims rise, insurers are tightening their terms. Businesses that fail to demonstrate strong IT security controls often face higher premiums, restricted cover, or even outright rejection of their applications.

For SMEs and financial services firms alike, a tailored cyber insurance policy can provide vital protection when something goes wrong. Yet insurers now demand proof that businesses have implemented core security measures before granting cover. That means cybersecurity readiness is no longer optional; it’s a prerequisite.

What Cyber Insurers Want to Know

Cyber insurers increasingly assess risk based on a business’s IT environment. Key areas of scrutiny include:

  1. Email security
  2. Endpoint and PC management
  3. Data encryption (in transit and at rest)

Failing to meet baseline requirements in these areas can significantly reduce your chances of securing affordable and effective cover. Let’s break down the key questions insurers ask.

How Secure is Your Email System?

Email remains the number one attack vector for cybercriminals. Phishing, malware, and spoofing campaigns exploit human error to gain access to sensitive business operations. Without strong controls, a single malicious email can trigger a costly breach.

Recommended email security measures include:

  • Advanced Threat Protection (ATP): Filters attachments and links in real time using Microsoft’s virtual environment, blocking malicious content before it reaches the inbox.

  • Quarantine services: Suspicious emails are held for review, preventing risky content from landing in users’ inboxes.

  • External email tagging: Alerts employees to potential phishing by flagging messages from outside the organisation.

  • Sandboxing & detonation: Suspicious attachments are tested in an isolated environment before being released to the user.

  • SPF, DKIM & DMARC: These authentication protocols verify sender identity, making it far harder for attackers to spoof your domain.

Do You Provide Phishing Awareness Training?

Cyber insurers expect businesses to demonstrate a culture of awareness. Interactive phishing training and simulations reduce staff vulnerability to social engineering attacks.

With Microsoft 365 E5 and Modalit’s phishing simulations, organisations can:

  • Test user responses to real-world phishing scenarios.

  • Deliver targeted training based on employee behaviour.

  • Improve overall resilience by reducing click-through rates on suspicious emails.

Have You Disabled Legacy Authentication?

Legacy protocols such as IMAP, POP, and SMTP are heavily exploited by attackers. Because they authenticate with a username and password alone, they bypass modern security measures like multi-factor authentication (MFA), leaving email accounts exposed.

Microsoft research shows:

  • 99% of password spray attacks use legacy authentication.

  • 97% of credential stuffing attacks exploit these outdated protocols.

  • Office 365 accounts with legacy authentication enabled suffer 67% more compromises.

Blocking legacy authentication at the Office 365 level is now a minimum expectation for both cyber insurers and auditors.
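Before blocking legacy authentication, it helps to know which accounts still use it and whether anything is already spraying passwords over it. The following is an added example, not part of the original article; the record layout (`user`, `clientAppUsed`, `errorCode`, `ipAddress`) and the set of client labels are assumptions modelled on an exported sign-in log, and the events are constructed.

```python
from collections import defaultdict

# Client app labels treated as legacy authentication (assumed label set).
LEGACY_CLIENTS = {"IMAP4", "POP3", "Authenticated SMTP"}


def legacy_auth_report(events, spray_threshold=3):
    """Summarise legacy-protocol sign-ins in a list of sign-in records.

    Returns (accounts, spray_sources):
      accounts      - {user: legacy protocols that signed in successfully}
      spray_sources - {ip: users with failed legacy sign-ins}, only for IPs
                      that failed against spray_threshold or more users
    """
    accounts = defaultdict(set)
    failed_by_ip = defaultdict(set)
    for ev in events:
        if ev["clientAppUsed"] not in LEGACY_CLIENTS:
            continue  # modern clients can be challenged for MFA
        if ev["errorCode"] == 0:
            accounts[ev["user"]].add(ev["clientAppUsed"])
        else:
            failed_by_ip[ev["ipAddress"]].add(ev["user"])
    spray_sources = {
        ip: users for ip, users in failed_by_ip.items()
        if len(users) >= spray_threshold
    }
    return dict(accounts), spray_sources


def _ev(user, app, code, ip):
    return {"user": f"{user}@example.com", "clientAppUsed": app,
            "errorCode": code, "ipAddress": ip}


# Constructed sample events; errorCode 0 = success, non-zero = failure.
SAMPLE_EVENTS = [
    _ev("alice", "IMAP4", 0, "198.51.100.7"),
    _ev("bob", "Browser", 0, "198.51.100.8"),
    _ev("carol", "POP3", 50126, "203.0.113.50"),
    _ev("dave", "POP3", 50126, "203.0.113.50"),
    _ev("erin", "POP3", 50126, "203.0.113.50"),
    _ev("alice", "Authenticated SMTP", 50126, "203.0.113.50"),
    _ev("frank", "IMAP4", 50126, "198.51.100.9"),
]
```

Accounts in the first result are the ones that will break when legacy authentication is blocked and need migrating first; IPs in the second are candidates for investigation.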

Is Remote Web Access Controlled?

Outlook Web Access (OWA) is a common entry point for hackers. If not required, it should be disabled, especially for shared mailboxes or accounts accessed only via Outlook clients or mobile apps. Restricting web-based access dramatically reduces your attack surface.

What Additional Security Measures Are in Place?

Insurers want to see layered defences beyond the basics. Key examples include:

  • Risky User Reports: Automated alerts from Microsoft flag unusual account behaviour in real time.

  • Mobile Device Management (MDM): Controls which personal devices can access company email, ensuring security policies apply consistently across smartphones, tablets, and laptops.

  • Encryption: HTTPS for data in transit, and tools like Microsoft BitLocker for data at rest.

Why Work with Modalit

Meeting cyber insurers’ requirements can feel overwhelming. At Modalit, we simplify the process. Our Cranberry Cloud and Cranberry Desktop solutions deliver secure, compliant, and cost-effective IT environments that tick the boxes insurers are looking for.

Here’s what sets us apart:

  • Compliance by design: Our services are FCA and ISO 27001 compliant, making regulatory due diligence straightforward.

  • Expert support: Responsive engineers who understand SME and financial services challenges.

  • Enhanced security: Multi-factor authentication, Microsoft Defender antivirus, spam protection, email archiving, and full encryption as standard.

  • Cost efficiency: A secure hosted IT environment at a lower cost than in-house alternatives.

We also provide cybersecurity audits and technical reviews, helping you prepare for insurance assessments with confidence.

Get in touch

Insurers are clear: if you want comprehensive cyber cover, you need robust IT controls in place. By addressing gaps in email security, PC management, and data encryption, SMEs can not only qualify for insurance but also build stronger cyber resilience.

Unsure how to meet your insurer’s IT requirements? Contact Modalit today to strengthen your defences, achieve compliance, and secure the cyber insurance protection your business needs.