CISOs Say Cyber Insurance is Growing and Evolving, but Adoption Comes with Many Caveats
TENAFLY, N.J., Feb. 18, 2016 /PRNewswire/ — Security Current, an information and collaboration company by CISOs for CISOs, has published a collection of leading Chief Information Security Officer's (CISOs) insights on the future of cyber insurance and tips for success.
Logo – http://photos.prnewswire.com/prnh/20160217/334557LOGO
Most CISOs agree the market for cyber insurance is growing and evolving.
In the wake of high-profile mega breaches that have occurred over the last several years, many organizations will look to reduce risk, in part, by offloading it to insurance providers, according to Roota Almeida, Head of Information Security for Delta Dental of New Jersey.
Although CISOs tout the benefits of cyber insurance, such as comprehensive risk assessments and other helpful resources, they warn that its adoption comes with a number of caveats, making it imperative for CISOs to take an active role in procuring policies.
Principal Financial Group CISO Meg Anderson suggested security teams treat the process of cyber insurance underwriting as a point in time review, and warns that constantly evolving security infrastructures should be addressed from the outset.
"All parties should be sure there are clear guideposts for handling changes related to technology infrastructure – on premises, in the cloud or provided in other ways outside of your organization," Anderson said. "In the case of a breach, the worst case scenario would be to find out your insurance was voided due to a contractual issue, related to a control change."
CISOs recommend closely evaluating the language in the policy to understand both the coverage points – what assets are covered and to what extent – and the necessary controls and frameworks stipulated by the insurance companies for coverage. However, Zephyr Health CISO Kim Green cautions that allowing insurance providers to determine security strategy by meeting frameworks set by the insurers could be a slippery slope.
"Requiring adherence to a framework, in my mind, is a sound business principle for the insurer, but I do not think it is appropriate for insurers to specify which frameworks are required, a decision best made by the insured," said Green.
Overall, CISOs agree that cyber insurance is a necessary and beneficial component of any enterprise's security and risk strategy, but there are aspects of a breach that cannot be remedied by coverage alone.
"Cyber insurance, if procured correctly, can truly help offset the costs of a breach," said Fairfax County CISO Michael Dent. "What cyber insurance cannot do is repair the reputation of an entity once it is publicly announced a breach or successful hack occurred and records were exposed."
Participating CISOs include:
Roota Almeida, Head of Information Security, Delta Dental of New Jersey
Meg Anderson, CISO, Principal Financial Group
Paul Calatayud, CISO, Surescripts
Jonathan Chow, CISO, Live Nation Entertainment
Darren Death, CISO, ASRC Federal
Michael Dent, CISO, Fairfax County
Kim Green, CISO, Zephyr Health
Michael Molinaro, CISO, BioReference Labs
Farhaad Nero, VP of Enterprise Security, Bank of Tokyo-Mitsubishi UFJ
Larry Wilson, CISO, University of Massachusetts
Read the full list of CISO Perspectives
About Security Current
Security Current improves the way security, privacy and risk executives collaborate to protect their organizations and their information. Its CISO-driven proprietary content and events provide insight, actionable advice and analysis giving executives the latest information to make knowledgeable decisions.
Contact:
Aimee Rhodes
Email
Phone: 201-835-9205