Join our followers
The Wild West of the Nascent Cyber Insurance Industry
Friday, November 12, 2021
The logical extension to enquiring about security postures would be to start insisting on certain controls. This would be a large step too far. To be effective, it would require the insurance company to have the visibility of a CISO, the business understanding of the board, and the purse strings of the CFO within every insured company. This would be far too expensive for the insurer and far too intrusive for the customer. It is, quite simply, a non-runner.
Implementing continuous monitoring
A third approach would be for the insurance industry to base their premiums on recommendations from third-party security scanning companies – such as Qualys, BlueVoyant, ImmuniWeb, Outpost24, SecurityScorecard and many others. This could provide a form of continuous posture monitoring; something missing from both the audited security insurance standard and the questionnaire-based approaches. It also promises to be less intrusive and therefore more acceptable to the customer. The insurance company can simply say, our scans say you are weak in these areas: strengthen them and you will qualify for lower premiums. Read Full Article
eSecurityPlanet: U.S. State Department Puts $10 Million Bounty on DarkSide Ransomware Group
ComputerWeekly: US offers $10m reward for intel on DarkSide ransomware gang
