Insurers define what's required in order to get a cyberinsurance policy, and they also determine what premium discounts will be offered. Still, not much has been defined on either side in terms of standards or best practices for coverage and pricing. Coverage amounts may have an impact on price, but since there is not a lot of competition at this stage, premiums are running high up and down the stack.
This is where premium reduction items come into play. In terms of specific controls that can be applied to reduce a premium, the requirements have hardened a bit over recent years.
This topic is explored by Sean Martin in much more detail in Part 3 of this 3-part series on SearchSecurity.
Be sure to read Part 1 to answer the question: Is cybersecurity insurance a necessary evil for every company to consider or, is it only a viable option for a small few?
Read Part 2 to learn about assessing risks and defining policies as part of your cyberinsurance program..