Present Blog – IT Thought Leadership

Cyber insurance and SMEs: Improve your security posture or give up coverageLike most companies, you can't afford to have a contingency fund to cover all the costs of a successful cyberattack.

This is where cyberinsurance comes in, whose role is to cover the often very high and usually unbudgeted expenses in response to a major cyber incident.

The cyber insurance market growth forecast illustrates the demand for this approach.

Global cyber insurance market with strong expected growth

However, qualifying for an insurance policy today can be a long and tedious process due to:

  • the sharp increase in ransomware attacks, email compromises, supply chain disruptions and social engineering attacks;
  • very large disbursements incurred by insurance companies.

So on the one hand getting cyber insurance is now a must for SMBs, and on the other, insurers are demanding tighter cybersecurity controls, while increasing premiums and limiting coverage to cover their risks. .

To qualify for cyber insurance today, SMBs must have security controls in place or risk being denied coverage.

We already knew that insurance policies doesn't absolve organizations from taking proactive steps to secure their data.

But what has changed is that today customers are required to do so or risk having their policies canceled or declined.

The number of checks required may vary depending on the insurance company, but they all agree on the most critical checks.

Marsh, which is the world's largest insurance broker and risk management advisor, recommends that companies implement 12 cybersecurity controls to enable insurability at the lowest cost.

The prerequisite provides that potential customers have already implemented the first 5 controls.

Top Cybersecurity Controls

Let's take a closer look at these requirements.



Why is it important?

Exemples of solutions

Multi-factor authentication (MFA)

Reduces risk by requiring the user to provide at least 2 pieces of evidence to be authenticated, including:

  • Something he knows;
  • something he owns.

MFA should apply to:

  • Critical applications;
  • Privileged Accounts;
  • Remote access;
  • Backup solutions.

When the adversary grabs your credentials, the game could be over.

MFA prevents unauthorized access to your applications and network by addressing the following risk:

  • Weak passwords;
  • Phishing;
  • Theft of identifiers and reuse of known passwords.

Microsoft Azure AD and Conditional Access;

Endpoint managed detection and response

Protects your company against known and unknown attacks by analyzing suspicious behavior at endpoints.

The solutions are operated by a SOC (Security Operations Center) in order to address threats from start to finish.

Attacks against endpoints not protected by this control result in the compromise of data from stations, servers, phones and tablets.

Present's Service of proactive protection on your workstations and servers using the following advanced Detection and Response technologies:

  • SentinelOne;
  • Microsoft Defender.

Safe backups

Aims to provide backups of your environment and your data that have integrity and are available, for recovery purposes in the event of an attack or partial or total unavailability of your applications.



The absence of exploitable and sufficiently recent backups increases your risk of having to pay a ransom and, more generally, weakens your company.

It is essential to secure your backups and regularly test your backups and your recovery plan.

Privileged Access Management (PAM)

  • Makes it harder for attackers to break into a network and gain access to a privileged account.
  • Monitors sessions used by privileged access accounts and generates alerts regarding abnormal session usage.

When attackers compromise privileged access accounts, the risk of significant damage is extremely high.

it is therefore crucial to control privileged access to systems and applications,

Microsoft Purview Privileged Access Management.

Email filtering

Provides the first line of defense by:

  • Filtering incoming emails;
  • Blocking malicious sites or downloads;
  • Testing suspicious content in a secure sandbox environment;

Malicious links and files are the primary means adversaries use to insert malicious code into your systems or steal your users' passwords.



• Microsoft Defender for Office 365;

• Email filtering by Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) et Domain-based Message Authentication, Reporting & Conformance (DMARC)

Patch and Vulnerability Management

Constitutes a risk-based security approach of discovering, prioritizing, and remediating vulnerabilities.


Hundreds of vulnerabilities are disclosed each month for multiple applications and systems.

Unpatched, these vulnerabilities are a major risk of intrusion into your systems.

Microsoft Defender Vulnerability Management.

Incident Response Plan

Document a predetermined set of instructions or procedures to detect and respond to a cyber attack.

Prevention is always better than cure.

But when cyber incidents do occur, detecting them as early as possible and responding to them quickly and effectively is critical to mitigating the impacts on your organization, and thereby limiting your overall costs.

Incident response plan.

Cybersecurity awareness and phishing attack testing

Used to inform employees about risks and threats.

Phishing tests aim to simulate phishing attacks to measure employee awareness.

95% of cybersecurity issues are attributable to human error.

In order to protect your business from the repercussions of a cyber incident, cybersecurity awareness and phishing testing have become a must.

Terranova Security

Remote Desktop Protocol (RDP) mitigation

Widely used, Microsoft Remote Desktop is a tool built into Windows that makes working remotely easier, but requires additional protection.

Internet-visible remote access services such as Microsoft's Remote Desktop Protocol (RDP) are one of the primary attack vectors used by adversaries, along with phishing and software vulnerabilities.

  • Use of a VPN; or a remote access gateway;
  • Multi-factor authentication (MFA);
  • Monitoring and management of RDP sessions;

Logging and Monitoring

Aims to identify any suspicious activity in the environment, by setting up a logging configuration relating to the main systems and applications of the company.

The solution makes it possible to collect, establish correlations and alert, if necessary, the team capable of analyzing and acting in the event of an incident.

Businesses must not only implement a set of controls to protect their organizations from a cyberattack, but also to timely detect any suspicious activity that could:

  • Reveal a potential attack in progress.
  • Trigger an intervention plan.

Present's Security Incident and Event Management (SIEM) service.

Replacement or protection of end-of-life systems

Products that reach the end of their lifecycle no longer receive security updates.


Vulnerabilities in end-of-life products are no longer patched, allowing adversaries to gain easier access to systems.

  • The best way to mitigate this risk is to stop using the obsolete product and replace it with a newer, supported solution.
  • Where this is not possible, end-of-life systems should be protected by restricting access to those systems, and isolating them from other connected systems.

Digital Supply Chain Cyber Risk Management

The digital supply chain is made up of information technology service providers who, together with enterprise IT, deliver digital services.



The most commonly used third-party software supply chain components are popular targets for adversaries, as opening a breach in a service provider's system potentially allows access to the service provider's many customers. Think back to the  recent vulnerabilities associated with Log4J and Kaseya.

  • Adopt a supply chain risk management framework;
  • Enforce strict restrictions on privileged accounts;
  • Implement multi-factor authentication (MFA);
  • Design and test your Incident Response Plan.


The cyber insurance industry is changing its practices, requirements, premiums, and scope of coverage as cyber risks evolve, ransom costs increase, and regulatory controls become more stringent.

In this context, some SMEs are therefore wondering whether they should take out insurance.

The following points should be considered:

  • Cyber risk is much higher than fire risk;
  • The cost of cyber insurance is by far much lower than all the costs you will have to bear in the event of a cyber attack or a data breach;
  • With or without insurers requirements, you should improve your security posture in any case, to ensure you stay in business.

And SMEs that choose to benefit from the coverage of cyber insurance by transferring part of their risk, must now demonstrate proactive and continuous preparation in terms of cybersecurity,

By doing so, they not only improve their safety posture, but also take advantage of the safe driver discount, in the context of recent increases to premiums, due to the number and amount of claims.

With a comprehensive cybersecurity program in place, renewals are more predictable and coverages are more appropriate for your SMB.

Present understands the requirements of cyberinsurers and routinely helps SMBs implement the controls required to obtain or maintain cyberinsurance coverage.

You can contact us to validate your current posture as well as any eventual discrepancies with the essential security measures you are required to put in place.

This will ensure that you benefit from the lowest premiums and the level of security required.

New call-to-action