What would constitute a benchmark or a suitable budget allocation for cybersecurity insurance?
Chief Information Security Officer in Healthcare and Biotech, 1,001 - 5,000 employees
I believe this depends on the cyber security posture of the organization.

Senior VP & CISO, 1,001 - 5,000 employees
Varies based upon posture, vertical, customer and regulatory environment and more. Not a one size fits all. I'd start by chatting with leaders to understand materiality and risk tolerances and then a well-known broker.
First, what industry are you in? Next, what is your regulatory requirement burden, and what are the consequences for breaches and disclosure of data within your organization? If you have HIPAA, GDPR, SOX, or PCI-DSS types of data, there will be a higher cost to data breaches, disclosures and losses, which will mean you should allocate a higher budget proportionally than, say, a hardware chain or burger franchise would.
I have been involved in buying cyber-insurance for quite a few years, and each underwriter has their own particular set of requirements, etc., so I'd get at least 3 or 4 quotes, but be prepared for an awful lot of paperwork. Check exactly what is and is NOT covered by each underwriter, and see if you can get them to write a custom policy, especially if you have a fairly unique business. If you have patient health information or financial data, you will find that there are a couple of specialty underwriters that should be able to provide you with targeted and specific coverage.
I'd benchmark the coverage by comparing what your IDEAL coverage would look like, vs. what you can actually get covered, and see how closely those two align with each other; the closer the alignment, the closer you are to hitting your benchmark. In terms of financial benchmarks, I'd look at the cost-payout ratio and make sure you are getting value for money, and not paying absurd premiums that would outweigh the cost of a cyberbreach.
Just a couple of ideas, I hope that helps.