Mycelium 365

    Cyber Insurance Controls Review

    Cyber insurance renewal coming up? Review the controls behind the answers before you complete the questionnaire.

    Mycelium's Cyber Insurance Controls Implementation Project aligns practical security controls to common cyber insurance expectations — reducing risk, improving readiness, and giving your business a clearer security baseline.

    What the Project Includes

    Twelve practical control areas aligned to the questions cyber insurers actually ask.

    MFA review and uplift

    Audit MFA coverage across every user, service account and admin role — close gaps insurers and underwriters expect to see closed.

    Conditional Access hardening

    Review and tighten Conditional Access policies: block legacy auth, enforce device compliance, restrict risky sign-ins.

    Endpoint security review

    Confirm every endpoint is encrypted, enrolled in management, and reporting healthy security signals to your central tooling.

    EDR / MDR / managed SOC alignment

    Validate Defender for Endpoint or third-party EDR coverage, alert routing, and managed detection-and-response workflows.

    Microsoft 365 security baseline

    Benchmark your tenant against Microsoft and CIS security baselines for identity, email, collaboration and admin settings.

    Patch management review

    Verify OS, browser and third-party application patching cadence, Intune rings, and unpatched vulnerability exposure.

    Backup and recovery evidence

    Confirm Microsoft 365, server and SaaS backups are immutable, off-tenant where required, and restorable on demand.

    Security awareness training

    Review your phishing simulation programme, training cadence, and reporting against insurance and compliance expectations.

    Incident response plan

    Develop or refresh a documented IR plan with escalation contacts, communications templates, and tabletop scenarios.

    Privileged access review

    Audit Global Admin and high-privilege roles, enforce PIM/JIT activation, and remove standing administrative privilege.

    Email security review

    Validate SPF, DKIM, DMARC, Defender for Office 365 policies, anti-phishing and impersonation protection.

    Control evidence pack

    Receive a documented evidence pack mapping your controls to common insurer questionnaires for renewal discussions.

    Mapped to insurer questionnaires

    Every review delivers documented evidence across the five control domains insurers focus on most at renewal.

    Identity & Access

    Entra ID + MFA

    MFA coverage for every active user and admin
    Phishing-resistant MFA for privileged accounts
    Conditional Access blocks legacy authentication
    Privileged Identity Management for Global Admins
    Standing admin privilege removed

    Endpoint & EDR

    Defender / MDR

    All endpoints enrolled in Intune or equivalent MDM
    Defender for Endpoint (or an alternative EDR) deployed everywhere
    Disk encryption enforced on every device
    Managed SOC / MDR alert routing validated
    Vulnerability and patch posture reported centrally

    Email Security

    Exchange / Defender for O365

    SPF, DKIM and DMARC published and enforced
    Anti-phishing and impersonation policies enabled
    Safe Links and Safe Attachments configured
    External sender warnings active
    Mail flow rules reviewed for risky exceptions

    Backups & Recovery

    Microsoft 365 + Servers

    Microsoft 365 data protected by independent backup
    Server and SaaS backups stored immutably
    Off-tenant or off-site backup copy retained
    Documented restore testing within last 12 months
    Recovery point and recovery time objectives defined

    Governance & IR

    Policies + Response

    Documented incident response plan with escalation tree
    Tabletop exercise completed in last 12 months
    Security awareness training run regularly
    Phishing simulation programme operating
    Insurer questionnaire mapped to live evidence

    Why review your controls now?

    Aligned to common Australian and global cyber insurance questionnaires
    Reduces the back-and-forth at renewal with documented control evidence
    Strengthens negotiating position on premiums and coverage limits
    Built around the Microsoft 365 and Azure tools you already own
    Delivers a clear remediation roadmap, prioritised by insurer impact
    Improves your real-world security baseline — not just the paperwork
