Organizations seeking cyber insurance coverage are typically required by their insurer to provide evidence of a panoply of controls around information security, disaster recovery, and related risk and technology requirements and best practices.
When organizational data resides only on-premises, documenting, evaluating and maintaining these controls have their challenges but are fairly straightforward for the IT, security and business teams responsible for them. They may need to install certain types of locks on data center doors, add cameras for monitoring foot traffic, and implement specific protocols limiting who can access what information. Within highly regulated industries, insurance carriers’ requirements often track closely with regulatory compliance.