What are your thoughts on cyber insurance? Should people get it?
Yes, cyber insurance is expensive and there's doubt about payouts; however, as a public entity it is a requirement. So much head bashing is required with the underwriters to try and figure out the quantum. And I'd agree with all the other comments on this as well.
Some pointers to consider:
> premiums are negotiable - don’t take the first quote
> how ‘perfect’ does operation of current controls need to be - is 95% ok for meeting patching targets?
> will the payout (assume no more than policy limit) be sufficient to cover investigation, remediation and PR/marketing costs to recover from a breach or compromise?
> how does the expected cost vs probability of compromise equate to a self-insured business case rather than annual premiums?
Cyber insurance is a good thing to have, but could be very expensive. The network should be properly segregated when designed. Some protections to take: educate your users (security awareness) not to open emails from people you don't know (hard to do depending on your business), but most importantly, do not click on links in emails you don't know. A process should be in place to keep systems current (security updates and patches). Monitor users and service accounts. You can also hash the system files, and you would detect any changes with the proper monitoring tools. Security today costs a lot of money, but you have to get the appropriate skills on the job.
As a public company we require that; however, the big argument is that coverage is never enough, and the evaluation of intangible assets.
After WannaCry and NotPetya resulted in major operational disruptions in big companies, cyber insurance has become more sought after. Yes, I think cyber insurance is needed as a form of limited cyber risk transfer against the inevitability of a breach and in particular against black swan events. The scope of applicability is typically against events that your BCP plan does not already cover. Having said that, if you are a critical infrastructure at a national level, cyber insurance does nothing to lower that risk.