Erin Strub Halchak, RPLU, is US Chief Cyber Underwriting Officer at Liberty Mutual Insurance. Based in Denver, she brings deep expertise in cyber risk, underwriting strategy, and resilience, helping brokers and businesses navigate evolving threats with practical, data driven solutions.
In an exclusive interview with Insurance Business Review, she shared invaluable insights on strengthening cyber resilience through access management, disciplined patching, vendor oversight, robust data protection, and incident response planning to help businesses mitigate evolving threats and secure underwriting success.
Five Cyber Risk Practices Every Business Needs
As the cyber insurance market shows signs of stabilizing after years of volatility, the threat environment is becoming more complex and far reaching than ever.
The rate of year-over-year premium decreases has slowed, but the frequency, severity, and sophistication of cyberattacks continue to rise. The increase in cyber premiums has slowed since its peak in in 2022 according to Fitch Ratings, yet Industrial Cyber reports that global ransomware attacks increased 32 percent in 2025.
For brokers and risk managers, this underscores the need for proactive strategies to reduce exposure and strengthen resilience.
Here are five best practices that can help businesses of all sizes prevent attacks and recover quickly when they occur.
Strong Access Management
Stolen or misused credentials remain the principal doorway to data breaches across industries.
Verizon’s 2024 Data Breach Investigations Report found credential theft as the initial access vector in 38 percent of breaches, far outpacing phishing and vulnerability exploitation.
That reality makes robust identity controls, especially multi-factor authentication (MFA), non-negotiable. In fact, MFA reduces compromise risk by almost 99 percent, according to Microsoft.
Cyber resilience requires strong access controls, disciplined patching, vigilant vendor oversight, robust data protection, and clear incident response to help businesses prevent attacks and recover quickly.
Applied consistently to employees and vendors, MFA meaningfully shrinks the way bad actors can attack. Regular access reviews, prompt removal of dormant accounts, and conditional access policies further contain risk as employees and vendors change.
Effective MFA is not a set and forget control. It requires disciplined governance, visibility across the organization, and ongoing tracking of attempted logins and odd behavior, such as employees trying to access data beyond that which they typically use.
Organizations that harden data controls while emphasizing user experience see both security and adoption improve.
Regular Patching and Vulnerability Management
Attackers overwhelmingly favor known, unpatched flaws in software.
And these flaws continue to grow. More than 240 known exploited software vulnerabilities were added in 2025 to the federal Cybersecurity & infrastructure Security Agency’s tracking catalog.
Yet organizations take a median 55 days to patch half of critical vulnerabilities, according to Verizon. This gives adversaries a generous window to do harm.
That time can be reduced by automating software patch discovery and remediation, and through including patch resolution metrics in Service Level Agreements with key vendors.
Third Party and Vendor Risk Management
Vendors can be a key entry point for cyberattacks so managing them is critical.
Beyond carefully selecting and onboarding vendors, maintain a living inventory of all of them, classify them by data sensitivity and system criticality, and require evidence of patch hygiene, data breach and incident response commitments in contracts.
Data Protection and Backup Strategy
Not all data is equal. Classify information by sensitivity and business criticality, then apply appropriate encryption and access controls.
Design data backups to survive targeted attacks. One effective approach is to follow the 3-2-1 rule, three copies, on two media, with one off site.
Regularly validate restored data to ensure consistent recovery across systems and to avoid discovering corrupted data during a crisis.
Develop your data protections and backup strategy assuming you will be attacked. Segment sensitive data, shorten retention, and minimize the type and amount of data collected.
Isolated data backup and a clear well-rehearsed playbook are two critical tools for minimizing the impact of ransomware attacks.
Incident Response Planning and Monitoring
Quickly detecting and responding to a cyberattack are among the best ways to limit its financial and operational impact.
To do this, a company should document its enterprise-wide incident response plan, define clear roles and responsibilities, and regularly conduct tabletop exercises and breach simulations.
Pair this with continuous security monitoring, whether internally or through a vendor to surface threats earlier and shorten the breach lifecycle. There is a clear link between speed and outcome; organizations that detect and contain breaches faster materially lower their costs.
Have clear systems in place for coordinated communications with regulators, customers and vendors throughout an incident.
Conclusion
Cybersecurity can feel daunting, but these five practices give brokers and their clients a practical roadmap for preventing attacks and recovering faster when they occur.
In a stabilizing but still selective insurance market, organizations that implement and demonstrate these fundamentals are better positioned for underwriting success and, more importantly, for resilience.
