Data & Backup Security

Data & Backup Security

The Data & Backup Security category assesses data protection practices and backup configurations - whether sensitive data stores are secured from public access, and whether backups are properly isolated. In a ransomware scenario, viable backups can be the difference between a full recovery and a costly ransom payment. Insurers consider secured, tested backups essential to business resilience.

From the perimeter scan, Inscora evaluates two key areas: whether sensitive data stores are exposed to the internet, and whether there are signs of existing data breaches on the dark web. The remaining aspects of this category - backup encryption, testing frequency, offline storage - are assessed through the cyber insurability assessment questionnaire.

Exposed Data Stores

No Sensitive Data Is Exposed on the Internet

This validation reviews the host's open network ports and identifies whether any of two-dozen common database or caching systems (such as MySQL, PostgreSQL, MongoDB, Redis or Elasticsearch) can be reached directly from the public internet. If one of these stores is detected, the result is flagged as critical. The absence of every store is recorded as informational.

Why this matters for insurability

Because these technologies usually hold customer records, credentials or other confidential material, leaving them publicly reachable gives anyone on the internet a chance to guess passwords, exploit software flaws or even read and delete data, which can lead to data breaches, service outages, regulatory penalties and ransom demands. Knowing whether a company has such exposures helps an insurer quantify the likelihood and potential impact of a privacy or business-interruption claim when setting cyber coverage terms.

Dark Web Exposure

No Data Breach Indicators Were Detected on the Dark Web

This validation checks whether the organisation's domain appears in dark-web or criminal online sources that trade in stolen data. It monitors for signs such as leaked payment information, exposed user credentials, ransomware-related disclosures and malware logs from infected devices. By searching those channels and rating any matches it finds, it reports either that no evidence of exposure was detected or assigns a severity that reflects how complete and damaging the discovered information could be.

Why this matters for insurability

The presence of company-specific data in underground venues indicates that confidential information or access details have already been compromised, increasing the chance of fraud, unauthorised entry, regulatory penalties and subsequent financial loss. An insurer needs to know whether such indicators exist because they reveal the likelihood and potential scale of a claim arising from an active or impending breach, allowing more accurate evaluation of the organisation's security posture and the pricing or terms of a cyber-insurance policy.

Note: Perimeter scan vs. full assessment
The perimeter scan can detect exposed databases and dark web indicators, but the full Data & Backup Security score also depends on the client's answers to the cyber insurability assessment - covering backup frequency, encryption, offline/air-gapped storage, and regular restoration testing. Completing the assessment builds the complete picture.

Tip: Use Explain to understand any validation
For any question about what a scan result means, how it affects insurability, or what to do about it, use the Explain button directly on that validation. The briefing is generated from your client's actual data and covers the technical meaning, insurability impact, real-world incident references, step-by-step remediation, and how your own services connect to the solution.