3 metrics cyber insurers appreciate

The requirements for cyber insurance have been getting harder and harder to meet, even for businesses with a small footprint.

I thought I would show you 3 metrics that I have seen in insurance intake forms. These should help you think about what you might have to put in place in order to satisfy insurers' requirements, but also what you might want to measure.

The average time it takes you to triage endpoint incidents. Top performers can respond to these incidents in under 30 minutes. Worst performers will never be aware of anything. To measure this, you need some way to monitor the laptops you provide employees with. You also need someone to operate the monitoring tools and an incident response plan.

The number of users with persistent admin credentials. In a perfect world, you would only get admin access for documented operations, for pre-established reasons, at a pre-established time. But in the real world, some people end up with permanent admin access. Are you tracking this?

The time it takes you to deploy high-priority patches. Modern tools used by adversaries can ingest data about new vulnerabilities in a short amount of time. The speed at which you apply patches should not be left to chance. You need to know that new patches are available, what impact they have, and when you can schedule time to apply them. This should be measured in hours or days, not weeks. Remember that patching can disrupt operations in unknowable ways.

The effort it takes you to find these numbers is a good sign of the maturity of your security program.