Cyber insurance: What does a CISO need to know?
Monday, July 4, 2022
Chief among the challenges is cost. Premiums are increasing, and cover is more restricted. Also, insurers may look for security and compliance measures that some businesses cannot afford.
“I’d say premiums are surging, and I guess that trend is here to stay because the technical and legal landscape is becoming more and more complex,” says Ilia Kolochenko, founder of security firm Immuniweb. He points to rising fines under data protection laws as an increasing risk, with some insurers refusing to write new business.
He advises CISOs to be very careful with how cyber insurance contracts are drafted, as a lack of attention to detail can result in firms not having the cover they thought they had bought.
“The most frequent pitfalls that we observe is either you have too many exclusions, or the policy uses overbroad language,” says Kolochenko. This leads to insurers refusing to pay out.
And, as the NCSC points out, cyber threats change rapidly. CISOs need to check whether cover applies to new or emerging threats. If it does not, the policy might be of more limited use.