As businesses deal with the fallout of massive ransomware waves, from Lapsus$ to Cl0p/MOVEit, an unlikely new entity is joining the regulatory bodies to raise the bar for cybersecurity: the cyber insurer. These experts do more than just process claims in the aftermath of an attack. Their coverage requirements and metrics-driven approach to risk put organizations not meeting cyber-hygiene basics on notice. How can chief information security officers (CISOs) prepare to work with this important power player?
Understand Your Cyber Insurer
Cybersecurity risk has increased exponentially due to the changing and complex cyber-threat landscape, particularly ransomware attacks. As a result, cyber-insurance premiums have surged by 50% just in the last year, which could have a significant impact on risk management budgets. Facing pressure from all sides, CISOs have the unenviable challenge of proving to their cyber insurer that their organization is properly set up to withstand cyber-risk. To make their case, CISOs must thoroughly understand cyber-insurance companies’ role and key priorities.
Insurance companies live and die by their ability to accurately quantify risk, and cybersecurity is no exception. Actuarial science powers a global market of insurance premiums worth $7 trillion annually. Due to the profound disruption caused by a surge in simple but scalable cybercrime, organizations have endured financial blow after financial blow. Most organizations recognize their cybersecurity strategy must change, and cyber insurers that make decisions about coverage using advanced statistical methods play a pivotal role in determining what that change entails.
Source: Dark Reading