Cyber Insurance

Cyber insurers now require PAM. 12Port helps you answer their questionnaire.

Marsh’s top 12 controls list is the underwriting playbook every carrier follows. 12Port directly answers six of those twelve, including PAM, MFA on privileged access, RDP hardening, full session logging, end-of-life system protection, and vendor / AI-agent access. One platform. Agentless. Built for the questionnaire.


The cyber insurance market changed. Underwriters changed with it.

After three years of ransomware losses, carriers tightened their underwriting playbooks. Every major broker and carrier now publishes a list of required controls. Privileged Access Management appears on every list. So does Multi-Factor Authentication on privileged accounts, session monitoring, and credential rotation.

  • 40% of cyber insurance claims were denied in 2024.[1]
  • 82% of denied claims involved organizations without enforced MFA.[1]
  • 47% of attacks that triggered a cyber claim were identity-related or caused by a privileged-account compromise.[2]
  • 62% of organizations filed a cyber claim in the last 12 months.[2]

“Without positive responses in the top 5 control categories, coverage offered and insurability may be in question.”[3]

Marsh McLennan

PAM is one of those top 5. Why PAM is the spine of compliance.

Marsh’s top 12 controls. 12Port directly answers six.

Marsh’s Top 12 Cybersecurity Controls Identified by Cyber Insurance Carriers[3] is the list every broker and underwriter knows. Of the twelve, 12Port directly answers six: half the list, with one platform, agentless.

| # | Marsh control | How 12Port answers |
|---|---|---|
| 1 | MFA for remote access and admin/privileged access | AccessWall enforces MFA at every privileged session entry. No session starts without it. TOTP, push, FIDO2, and SAML chaining supported. |
| 2 | Endpoint Detection and Response (EDR) | Out of scope for 12Port. Pair with your existing EDR. |
| 3 | Secured, encrypted, and tested backups | Out of scope for 12Port. Pair with your existing backup tooling. |
| 4 | Privileged Access Management (PAM) | The platform itself: PAM, Credential Vault, Credential Rotation, and Session Intelligence in one agentless deployment. |
| 5 | Email filtering and web security | Out of scope for 12Port. |
| 6 | Patch management and vulnerability management | Out of scope, but see #11 (12Port wraps systems that cannot be patched). |
| 7 | Cyber incident response planning and testing | 12Port speeds response by giving the IR team a single source for “who accessed what and when,” but the plan is yours. |
| 8 | Cybersecurity awareness training and phishing testing | Out of scope for 12Port. |
| 9 | Hardening techniques, including RDP mitigation | Eliminate exposed RDP. Targets accept connections only from 12Port PAM. AccessWall blocks the access ports on the network so RDP, SSH, and similar protocols are not reachable from anywhere else. See Remote Access. |
| 10 | Logging and monitoring / network protections | Complete audit trail of every privileged event, including video recording of every session. Indexable, searchable, replayable. Evidence ready for the carrier and for forensics. |
| 11 | End-of-life systems replaced or protected | For systems that cannot be patched (legacy Windows, OT, ICS, embedded controllers), 12Port provides a compensating control: MFA-required, time-bound, recorded access through 12Port PAM. The unpatched system never speaks to the user directly. |
| 12 | Vendor / digital supply chain risk management | Brokered third-party access with MFA, time bounds, full recording, and no credential disclosure to the vendor. Same model applied to AI agents via the MCP Server for AI Agents. |

Six controls, one platform. Pair 12Port with the EDR, backup, email security, and patch management tooling you already run, and you cover ten of Marsh’s twelve before adding anything else.

What Marsh says about PAM specifically

“Privileged accounts are the keys to a network. When attackers compromise these accounts, they gain unlimited access to the network, increasing the likelihood of causing significant harm. Organizations can control for this by limiting the number of privileged accounts, using Just-in-time (JIT) elevation or vaults, and MFA. Many organizations implement PAM solutions that automate privilege and session management.”[3]

Marsh McLennan

Marsh’s prescription is exactly what 12Port does.

The control mapping

Question, capability, evidence. What an underwriter asks for, what 12Port does about it, and the framework reference auditors will recognize.

| Underwriter asks for | 12Port capability | Framework reference |
|---|---|---|
| MFA on privileged sessions | AccessWall enforces MFA at session entry. Supports TOTP, push, FIDO2, and SAML chaining. | NIST CSF PR.AC-7, CIS 6.5 |
| A PAM platform in place | Four core modules: Privileged Access Management, Credential Vault, Credential Rotation, Session Intelligence. | NIST CSF PR.AC-4, CIS 5.4, SOC 2 CC6.1 |
| Limited number of privileged accounts | Zero Standing Privilege. Access is granted at session time, removed at session end. | CIS 6.6 |
| Just-in-Time elevation | JIT request and approval workflow. No persistent admin rights. Marsh names JIT explicitly as a PAM enabler. | CIS 6.6, NIST CSF PR.AC-4 |
| Privileged session monitoring and recording | Session Intelligence records, indexes, searches, and replays every privileged session. | NIST CSF DE.CM, CIS 8.5 |
| Automatic password rotation on admin accounts | Credential Rotation: scheduled rotation or rotation on checkout. Targets human, service, and AI agent accounts. | CIS 5.2 |
| Audit trail and reporting | Full audit trail across every module. One-click reports aligned to SOC 2, HIPAA, PCI, NIST CSF for evidence packages. | SOC 2 CC4.1, PCI Req 10 |
| Third-party and vendor access controls | AccessWall brokers third-party sessions. Time-bound, MFA-enforced, recorded, no credential disclosure to the vendor. | NIST CSF ID.SC, CIS 15 |
| Removal of standing admin rights | Zero Standing Privilege as the platform default. Privileged rights only exist during an approved session. | CIS 5.4, CIS 6.6 |
| AI agent and non-human identity controls | MCP Server for AI Agents. Same JIT, vault, and audit model applied to AI workloads. | CIS 5 (extended) |
| Agentless deployment | No endpoint agents to install. Faster to roll out, faster to demonstrate at audit. Reduces the endpoint coverage objection underwriters raise. | Implementation note |
| Single source of evidence | All controls live in one platform. No swivel-chair between vault, session manager, IGA, and EDR. | Operational |

Be ready before the underwriter asks

Three things insurers want to see at renewal and after an incident.

Continuous evidence

Underwriters increasingly ask for evidence across the policy period, not a snapshot from the day you applied. 12Port logs every privileged session, every credential checkout, every elevation, every approval. The audit log is the evidence.

Single source

Most organizations spread privileged access across a vault, a separate session manager, an IGA tool, and EDR. When the questionnaire asks who accessed what and when, the answer comes from four systems that have to be reconciled. 12Port keeps the answer in one place.

Faster response

Time-to-restore matters in claims. With 12Port, you can answer “who had access to this asset on this date” in minutes, not days. That speeds incident response, which is what carriers reward.
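The "continuous evidence" and "who had access to this asset on this date" questions above both reduce to a query over the privileged-session audit log. The following is an added example, not 12Port code and not its export format: it assumes a JSON-lines audit export in which each event carries `ts` (ISO 8601 UTC), `event`, `user`, `target`, and optionally `session_id`, `mfa`, `approver` and `recording` (all field names are assumptions), and the sample log is constructed. It answers the per-asset, per-day access question and, because underwriters deny claims over unenforced MFA, it also lists any session that started without MFA, without a prior approval, or without recording.

```python
"""Answer an underwriter's evidence questions from a PAM audit export.

Added example; the event schema below is an assumption, not a vendor format.
"""
import json
from datetime import datetime, date, timezone

# Constructed sample export: s-101 is clean (approved, FIDO2, recorded),
# s-102 started without MFA or approval, s-103 has MFA but no approval.
SAMPLE_LOG = """\
{"ts": "2024-11-03T08:58:10Z", "event": "approval", "user": "jlee", "target": "db-prod-01", "session_id": "s-101", "approver": "mchen"}
{"ts": "2024-11-03T09:00:02Z", "event": "session_start", "user": "jlee", "target": "db-prod-01", "session_id": "s-101", "mfa": "fido2", "recording": true}
{"ts": "2024-11-03T09:41:55Z", "event": "session_end", "user": "jlee", "target": "db-prod-01", "session_id": "s-101"}
{"ts": "2024-11-03T14:12:00Z", "event": "session_start", "user": "vendor-acme", "target": "db-prod-01", "session_id": "s-102", "mfa": null, "recording": true}
{"ts": "2024-11-03T14:20:00Z", "event": "session_end", "user": "vendor-acme", "target": "db-prod-01", "session_id": "s-102"}
{"ts": "2024-11-03T16:05:00Z", "event": "credential_checkout", "user": "svc-backup", "target": "db-prod-01"}
{"ts": "2024-11-03T16:35:00Z", "event": "credential_rotated", "user": "system", "target": "db-prod-01"}
{"ts": "2024-11-04T10:00:00Z", "event": "session_start", "user": "jlee", "target": "web-01", "session_id": "s-103", "mfa": "totp", "recording": true}
"""


def parse_events(text):
    """Parse a JSON-lines export into event dicts; 'ts' becomes an aware datetime."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def sessions(events):
    """Fold approval / session_start / session_end events into one record per session."""
    by_id = {}
    for ev in events:
        sid = ev.get("session_id")
        if sid is None:
            continue  # checkouts and rotations are not sessions
        rec = by_id.setdefault(sid, {
            "session_id": sid, "user": ev.get("user"), "target": ev["target"],
            "start": None, "end": None, "mfa": None, "approver": None, "recorded": False,
        })
        if ev["event"] == "session_start":
            rec["start"], rec["user"] = ev["ts"], ev["user"]
            rec["mfa"] = ev.get("mfa")
            rec["recorded"] = bool(ev.get("recording"))
        elif ev["event"] == "session_end":
            rec["end"] = ev["ts"]
        elif ev["event"] == "approval":
            rec["approver"] = ev.get("approver")
    return by_id


def who_accessed(events, target, on_day):
    """Sessions against `target` open at any point on `on_day` ('YYYY-MM-DD', UTC)."""
    day = date.fromisoformat(on_day)
    day_start = datetime.combine(day, datetime.min.time(), tzinfo=timezone.utc)
    day_end = datetime.combine(day, datetime.max.time(), tzinfo=timezone.utc)
    rows = []
    for rec in sessions(events).values():
        if rec["target"] != target or rec["start"] is None:
            continue
        end = rec["end"] or day_end  # a session with no end event is still open
        if rec["start"] <= day_end and end >= day_start:
            rows.append(rec)
    return sorted(rows, key=lambda r: r["start"])


def credential_events(events, target, on_day):
    """Checkouts and rotations for `target` on `on_day`, as (event, user, iso-timestamp)."""
    return [(e["event"], e["user"], e["ts"].isoformat()) for e in events
            if e["target"] == target and e.get("session_id") is None
            and e["ts"].date().isoformat() == on_day]


def control_gaps(events):
    """Sessions missing a control the questionnaire asks about: MFA at entry, approval, recording."""
    gaps = []
    for rec in sessions(events).values():
        if rec["start"] is None:
            continue
        missing = [name for name, ok in (("mfa", rec["mfa"]), ("approval", rec["approver"]),
                                         ("recording", rec["recorded"])) if not ok]
        if missing:
            gaps.append((rec["session_id"], rec["user"], rec["target"], missing))
    return sorted(gaps)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for r in who_accessed(evs, "db-prod-01", "2024-11-03"):
        print(r["session_id"], r["user"], r["start"].isoformat(),
              r["end"].isoformat() if r["end"] else "open", "mfa=%s approver=%s" % (r["mfa"], r["approver"]))
    print(credential_events(evs, "db-prod-01", "2024-11-03"))
    print("control gaps:", control_gaps(evs))
```

The day window is computed in UTC; if your export carries local timestamps, convert before the comparison rather than after, or a session that straddles midnight will land on the wrong day in the report. The gap list is the part worth keeping under continuous review: an empty list across the policy period is the evidence the renewal questionnaire is really asking for.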

Why agentless matters at audit time

The two questions underwriters ask after “do you have PAM” are “across what percentage of your environment” and “how long did it take to deploy.” 12Port is agentless. No endpoint agent to install, no kernel-level deployment, no exclusion list to negotiate.

  • Coverage on day one. No gradual-rollout gap on the questionnaire.
  • Linux, Windows, network devices, cloud consoles, SaaS admin accounts, and AI agents are all in scope from the start.
  • Faster proof-of-coverage at audit. The asset list and the privileged-access list are the same list.

Get to insurable. Then stay there.

A 30-minute demo against your environment. We map your current privileged access posture to your carrier’s questionnaire and show you exactly which boxes you can check after deployment.

References

  1. Coalition. The State of Active Insurance: 2024 Cyber Claims Report. Coalition, Inc., 2024. https://www.coalitioninc.com/blog/2024-cyber-claims-report
  2. Delinea. 2024 State of Cyber Insurance Report. Delinea, 2024. https://delinea.com/resources/cyber-insurance-report-2024
  3. Marsh McLennan. Top 12 Cybersecurity Controls Identified by Cyber Insurance Carriers. US & Canada Cyber Practice. marsh.com/en/services/cyber-risk/insights/cyber-resilience-twelve-key-controls-to-strengthen-your-security.html