2. Build a Comprehensive Incident Response Plan
Policies, procedures and technology should all support an incident response plan. Underwriters want to see a level of planning that corresponds to the risk, specifically tailored to anticipated threats and sometimes following a framework such as those from the National Institute of Standards and Technology or ISO.
Include in the plan any partners you rely on, such as law firms, forensic IT specialists or notification firms, and make sure they are on a list of vendors approved by the insurance company.
3. Select and Train an Incident Response Team
Technology that monitors systems will produce alarms and alerts. Make sure you have an incident response team in place to assess those alerts, determine the potential impact and carry out any needed remediation.
The team needs clear procedures and should do frequent tabletop exercises to ensure effectiveness in the event of a crisis. Zero-day vulnerabilities, in particular, must be remediated as soon as they are discovered — hopefully before a hacker exploits them.
4. Once You Get Insurance, Keep It
Cyber insurance vendors are seeing steep increases in the cost of insurance, partly due to the increasing prevalence of ransomware attacks. Expect vulnerability scans, as required by policies, along with increased premiums and/or reduced coverage. To obtain renewal coverage, universities should perform their own continuous assessment and monitoring of controls such as multifactor authentication, endpoint detection and response, privileged access management, and other methods that can quantify their exposure to cyber risks.