Integration of Cyber Insurance Into A Risk Management Program

Conference: Black Hat USA 2019

The importance of cyber insurance and understanding insurance policies in the context of cybersecurity:
  • Cyber insurance is becoming increasingly necessary for organizations due to regulatory and contractual requirements
  • IT and IT security professionals should be involved in the insurance acquisition process to ensure proper coverage
  • Reading and understanding insurance policies is crucial to avoid gaps in coverage and denied claims
  • Contingent business interruption is a concept that scares insurance carriers and may not be covered in policies
  • Executives understand risk and organizations are already transferring risk through insurance

The speaker shares their experience of trying to get the topic of cyber insurance accepted at the Black Hat conference and receiving rejection letters for several years. They emphasize the importance of understanding insurance policies and being involved in the acquisition process to ensure proper coverage.


This session will provide information on the current data breach landscape and then discuss how Cyber Insurance is being integrated into a risk management plan. Information Security professionals and incident responders are in many cases unaware of how the cyber insurance process works when there is a data breach and do not understand the requirements that can affect the incident response process.