How is cyber security insurance managed in financial institutions; is it managed by ERM or CIO- cyber risk team?

253 views1 Upvote3 Comments

Director IT in Software, 10,001+ employees
Its Managed by ERM
Chief Information Security Officer in Healthcare and Biotech, 1,001 - 5,000 employees
It depends on the organisation’s structure but for BFSI co-owned by CIO and CISO 
Global Chief Cybersecurity Strategist & CISO in Healthcare and Biotech, Self-employed
What do you mean by "managed!" The CFO in many small to mid size companies deal with the brokers to get the quotes and defend budget concerns. Legal reviews that contract terms. The CISO should be involved in the security and data architecture reviews and questions. I also give strong input to the amounts needed, additional riders e.g. AI, etc. In the end it's an Enterprise Risk Management evaluation case to evaluate what risks to self- insure, etc. Remember that contracts may require certain limits but always check to see if the next higher band is more cost effective. Cyber liability insurance also helps with reputation management, forensics, etc so many departments and leaders need to be part of the process.

Content you might like