Does anyone have any recommendations on cyber security insurance? How do I determine the amount of coverage a company needs?

Senior Information Security Manager in Software, 3 years ago

If you are a large company, this is a major undertaking that requires a complete understanding of your business and the data stored. Find a good consultant and insurance underwriter who can help.

Here is a really good book about cyberinsurance: https://www.rsaconference.com/library/Blog/bens-book-of-the-month-review-of-cyberinsurance-policy

CIO in Services (non-Government), 3 years ago

You really need to sit down with the rest of your C-Suite and go through this; it's actually a very complex answer. You need to know a lot of things, like how much each hour of downtime costs you, what kinds of fines are levied by the regulatory agencies you report to (HIPAA, GDPR, etc.), how much damage to your corporate reputation costs you, and on and on. It's an entirely specific set of parameters that can only be calculated by working through what a cyberattack would do to you, and also what LEVEL of cyberattack it is. If a single user endpoint gets infected by ransomware, what does that cost? How about your main application server in The Cloud? How about your entire Cloud Infrastructure?

Basically, you have to quantify the scope/s of what constitutes a cyberattack, then work out the cost of each level of attack, all the way up to a corporate doomsday scenario where you go out of business, and insure yourselves accordingly.
