Zurich is a leading multi-line insurance provider with a global network that spans more than 170 countries. Working closely with customers and brokers alike, Zurich is proud to offer a spectrum of life insurance and services and general insurance to personal lines, SME, mid-market and global corporate customers. When it comes to brokers, Zurich is not only focused on offering the best products but practical expertise, tools and knowledge that they can pass on to their clients too. Our key online resource and newsletter Insider allows UK brokers to enjoy free access to the latest expertise, thoughts and opinions on the insurance industry.
Simply register online to start getting the latest industry insights from Zurich’s Insider newsletter and information hub: www.insider.zurich.co.uk
For more information on Zurich’s products and services please visit www.zurich.co.uk/broker
5 steps to a better Cybersecurity programme
Are you responsible for cybersecurity for your company and not sure where to begin to ensure your program is up to the test of a cyberattack? Or, perhaps you are not directly responsible for cybersecurity, but as a manager you want to understand the risks? Cybersecurity can be complex and confusing, but there are some basic steps that can help you develop a more robust cybersecurity programme.
Recommended actions for your programme may include:
1. Take a complete and accurate inventory of your IT assets.
Security of any type is concerned with protecting assets. In the case of cybersecurity, those are information assets. But how can you begin to protect those assets if you don’t know exactly what and where those assets are?
Having a complete inventory of your information assets is a great starting point for any cybersecurity programme. Get a complete and accurate network diagram. Maintain a ledger of all devices connected to that network including applications, operating systems and version numbers for each device.
2. Have a vulnerability management and patching program tied to your inventory of assets.
Knowing where each network device resides is only half the battle. It is even more important to always know the vulnerability status of each device, so run automated vulnerability scans of the entire network at least monthly, preferably more frequently. Review the vulnerability reports and apply the recommended patches as quickly as possible.
Vulnerabilities are what hackers are seeking in your network because, when left unpatched, they can be exploited in such a way that the hacker can take control of that device, establish a network presence, and eventually find their way to other valuable assets on the network.
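One way to tie steps 1 and 2 together is to reconcile the asset ledger against the latest scan export. The following is an added example, not part of the original article or any Zurich tooling; the hostnames, versions, finding ID and record layout are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample ledger (step 1): device -> OS and application versions.
INVENTORY = {
    "web-01": {"os": "Ubuntu 18.04", "apps": {"nginx": "1.14.0"}},
    "db-01": {"os": "Windows Server 2016", "apps": {"mssql": "13.0"}},
    "hr-laptop-07": {"os": "Windows 10 1809", "apps": {"office": "16.0"}},
}
# Constructed scan export (step 2): one record per device per scan run.
SCANS = [
    {"host": "web-01", "scanned": date(2019, 7, 10), "open_findings": ["EXAMPLE-FINDING-1"]},
    {"host": "db-01", "scanned": date(2019, 5, 2), "open_findings": []},
    {"host": "printer-3f", "scanned": date(2019, 7, 10), "open_findings": []},
]
MAX_SCAN_AGE = timedelta(days=31)  # the article's "at least monthly" cadence


def reconcile(inventory, scans, today):
    """Compare the ledger with scan results and report the gaps."""
    latest = {}  # keep only the most recent scan record per host
    for rec in scans:
        prev = latest.get(rec["host"])
        if prev is None or rec["scanned"] > prev["scanned"]:
            latest[rec["host"]] = rec

    report = {
        # Seen on the network by the scanner but missing from the ledger.
        "unknown_devices": sorted(h for h in latest if h not in inventory),
        "never_scanned": [],
        "scan_overdue": [],
        "needs_patching": [],
    }
    for host in sorted(inventory):
        rec = latest.get(host)
        if rec is None:
            report["never_scanned"].append(host)
            continue
        if today - rec["scanned"] > MAX_SCAN_AGE:
            report["scan_overdue"].append(host)
        if rec["open_findings"]:
            report["needs_patching"].append(
                (host, inventory[host]["os"], rec["open_findings"]))
    return report


if __name__ == "__main__":
    for category, items in reconcile(INVENTORY, SCANS, date(2019, 7, 18)).items():
        print(f"{category}: {items}")
```

A device in `unknown_devices` is an inventory gap, while `never_scanned` and `scan_overdue` are coverage gaps in the scanning programme; both matter as much as the open findings themselves.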
3. Conduct an awareness and training program for all users.
The users of a network – the employees, vendors, contractors and customers – can be your greatest vulnerability in terms of cybersecurity. And again, as vulnerabilities, they may be targeted by hackers via phishing or social engineering scams in order to get them to do something – reveal private information, transfer unauthorized funds or expose a password – that eventually compromises network security.
Educate your users. Publish an “Acceptable Use Policy.” Train users on safe email and browsing practices and how to recognize social engineering scams. Teach them how to create a complex, easily remembered password. Investing in user awareness will not cost much compared with other components of your cybersecurity program, but the return on investment can be substantial.
4. Continuously monitor information assets.
Continuous security monitoring is recommended for your network. Most, if not all, devices on your network are capable of generating continuous log data reporting activity on the device at any point in time. When this data is aggregated, correlated and queried, indicators of compromise can prompt an alert to the network administrator or security official, resulting in quick threat eradication.
Managing one’s own Security Operations Center (SOC) or contracting to a Managed Security Services Provider (MSSP) can be costly and technically complex, incorporating state-of-the-art data science, data enhancement and current threat intelligence. As an alternative, Zurich now offers all cyber policyholders, through a third party, an option for continuous security monitoring* for up to fifty devices as part of their policy.
5. Plan for incident response.
Assume something will go wrong, no matter how good your cybersecurity programme is. Your overall plan should define who takes the lead, who is on retainer for outside assistance (legal, forensic, law enforcement), and internal and external communication in responding to a cyber incident. Have a “playbook” for different scenarios: data breach, IoT intrusion, ransomware, etc. Once you have the plan and the playbooks, practice them, test them and fine-tune them.
Starting with the basics and building upon them goes a long way in helping to protect your company in case of a cyber event.