Integration of Cyber Insurance Into A Risk Management Program

Conference: BlackHat USA 2019

2019-08-07

Summary

The importance of cyber insurance and understanding insurance policies in the context of cybersecurity

Cyber insurance is becoming increasingly necessary for organizations due to regulatory and contractual requirements
IT and IT security professionals should be involved in the insurance acquisition process to ensure proper coverage
Reading and understanding insurance policies is crucial to avoid gaps in coverage and denied claims
Contingent business interruption is a concept that scares insurance carriers and may not be covered in policies
Executives understand risk and organizations are already transferring risk through insurance

The speaker shares their experience of trying to get cyber insurance accepted at a Black Hat conference and receiving rejection letters for several years. They emphasize the importance of understanding insurance policies and being involved in the acquisition process to ensure proper coverage.

Abstract

This session will provide information on the current data breach landscape and then discuss how Cyber Insurance is being integrated into a risk management plan. Information Security professionals and incident responders are in many cases unaware of how the cyber insurance process works when there is a data breach and do not understand the requirements that can affect the incident response process.

Materials:

Slides

Tags: