Zurich Cyber Complete
Enhance your cybersecurity with Zurich Cyber Complete
At Zurich, we’re passionate about risk prevention and mitigation, which is why we're offering cyber insurance customers a free service to help improve their cyber resilience.
Zurich Resilience Solutions (ZRS) provides risk-led Cyber and AI Services, complemented by trusted partner-delivered technical capabilities, helping organisations understand, quantify, and prepare for cyber and AI risk.
Customers can choose from either a cyber health check or a cyber incident response exercise.
Cyber health check
The cyber health check is ideal if you are reviewing your cybersecurity or looking to validate the work you have already begun. It involves a gap analysis to pinpoint strengths and weaknesses in your current approach – an essential step in any cyber risk management strategy. The cyber health check considers risks across three dimensions – exposures, hazards and controls – and identifies improvements that will enhance organisational cyber resilience.
How it works
A Zurich Resilience Solutions cyber risk consultant will contact you to give you an overview of the process and will then interview the appropriate individuals within your organisation who are responsible for managing cyber security, such as your chief information/security officer, head of IT security, or director of IT. This half-day interview session, which can be done virtually, is designed to gain a full understanding of your organisation’s current cybersecurity controls and exposures.
The process will address all 23 categories of the NIST Cyber Security Framework, including governance, technical controls, response capabilities, training, and other relevant areas.
The cyber risk consultant will then develop a customised report with detailed findings, including an overall score which can be compared to relevant benchmarks within Zurich Resilience Solutions’ portfolio of clients. It will also include specific and actionable recommendations for your organisation.
Key features and benefits
- Helps you to understand gaps in your cyber maturity and prioritise resources for the most significant risks
- Provides a practical roadmap to improve cyber risk management
- Can be used to garner senior management buy-in for future cyber programmes
- Provides external reassurance
- Assurance based on how your organisation compares to industry peers
Cyber incident response exercise
A cyber incident response exercise involves scenario-based tabletop exercises to help organisations determine areas for improvement and improve their cyber incident response capabilities.
How it works
A Zurich Resilience Solutions cyber risk consultant will contact you to better understand your business environment, in order to create a tailored exercise that appropriately reflects your exposures.
Exercises typically last three to four hours and aim to test the versatility of plans in responding to a range of possible scenarios. They are conducted in line with industry best practice and scenarios can be developed for various levels of business, cyber and IT stakeholders.
After the exercise, the cyber risk consultant will provide a summary of their findings and recommendations.
Key features and benefits
- Involves a table-top exercise which won’t intrude on your network
- An experienced cyber risk consultant will tailor scenarios to your exposures, and multiple eventualities will be tested in a single session
- Exercises help to identify gaps in processes, heighten stakeholder awareness of roles and responsibilities, and improve response efficiency
- Recommended actions to help strengthen resilience
Accessing Zurich Cyber Complete services
To access either the cyber health check or cyber incident response exercise, please speak to your broker or usual Zurich underwriting contact.
Exclusive discounts on cybersecurity services
Zurich cyber insurance customers can also get a 20% discount on the suite of cybersecurity services provided through Barrier Networks. The 20% discount applies to the standard market list price for the initial purchase of certain technology services:
- Vulnerability Scanning (Qualys) - continuous vulnerability scanning using Qualys to identify, prioritise, and track security weaknesses across infrastructure, cloud environments, and endpoints. Enables improved patch hygiene and risk-based remediation
- Penetration Testing (Barrier) - comprehensive penetration testing across networks, applications, cloud, and internal environments. Testing identifies exploitable weaknesses and provides prioritised remediation guidance to reduce cyber risk and improve organisational resilience
- Phishing Simulation & Training (Keepnet) - realistic phishing simulations measure user susceptibility and highlight high-risk behaviours. Targeted training modules and automated workflows improve user awareness and reduce human-driven security incidents
- Endpoint Detection & Response (CrowdStrike) - behaviour-based threat detection monitors endpoints in real time, identifying and stopping advanced attacks. Continuous response and containment capabilities prevent lateral movement and limit operational disruption
- Privileged Access Management (Delinea) - secures privileged identities, enforces least-privilege access, and manages credential lifecycles. Automated controls reduce insider-threat exposure and minimise the impact of compromised accounts
- Managed Detection & Response (MDR) (CrowdStrike) - 24/7 threat monitoring, investigation, and rapid remediation. Analysts triage alerts and contain threats quickly, reducing business risk and downtime
- Email Security (IronScales) - advanced detection and blocking of phishing, BEC, and emerging AI-driven threats. Automated remediation and user-driven intelligence significantly reduce incident resolution times
- Cloud Native Application Protection (Uptycs CNAPP) - end-to-end security for cloud workloads, containers, and applications from development through runtime. Unified visibility and risk prioritisation help detect misconfigurations and threats early
- Cloud Security Posture Management (CrowdStrike CSPM) - continuous assessment of cloud environments to identify misconfigurations, excessive permissions, and compliance gaps. Automated detection and remediation support secure cloud adoption
- Data Security Posture Management (Varonis DSPM) - discovers sensitive data, analyses access risk, and protects information from misuse or exfiltration. Continuous monitoring detects abnormal behaviour and enforces least-privilege access
- Microsoft Azure Security & Configuration (CoreView) - monitoring and optimisation of Azure security controls, permissions, and configurations. Automated policy enforcement reduces risk and helps maintain compliance in complex Microsoft ecosystems
- Managed SIEM (LevelBlue) - collection, correlation, and analysis of security events in real time. Expert tuning, monitoring, and incident response provide actionable visibility and reduce alert fatigue
- Operational Technology SOC (Radiflow OT Security) - continuous monitoring of industrial networks and ICS/SCADA environments for cyber-physical threats. Specialised detection and response protect critical infrastructure, uptime, and safety
- Governance, Risk & Compliance (Drata) - automated evidence collection, policy management, and compliance reporting across frameworks such as ISO 27001, SOC 2, and GDPR. Reduces audit burden and accelerates readiness
- Third-Party Risk Management (OneTrust TPRM) - assessment, monitoring, and mitigation of supplier and third-party risks. Centralised workflows support compliance and reduce exposure to external dependencies
- CISO as a Service (Barrier) - strategic security leadership on demand—building security roadmaps, governance models, and risk-based programmes for organisations without a full-time security executive
- Artificial Intelligence Security Assessment (Barrier) - evaluation of risks associated with AI models, data pipelines, and system integration. Recommendations mitigate adversarial attacks, data leakage, and governance weaknesses
To activate your discount please email:
Who are Zurich Resilience Solutions?
Zurich Resilience Solutions UK is part of the Zurich Insurance Group. Bringing together decades of risk engineering expertise and a wealth of insurance data, Zurich Resilience Solutions provides specialist risk management services.
Zurich Resilience Solutions’ service spans a number of key risk areas – one of which is cyber, where its internal capabilities are complemented by external partnerships with security firms. Together, this provides a holistic and comprehensive cyber resilience risk advisory service, to help you tackle the present cyber risk landscape and plan and prepare for emerging threats.