tmekelburg1
Community Champion

Cyber Insurance used to increase security

Interesting paper from the Royal United Services Institute (RUSI) titled: Cyber Insurance and the Cyber Security Challenge.

Mission Statement of RUSI: As an independent institution, we produce evidence-based research, publications and events on defence, security and international affairs to help build a safer UK and a more secure, equitable and stable world.

About | Royal United Services Institute (rusi.org)

Essentially the rough steps on improving overall security posture by way of Cyber Insurance:

  1. Insurance companies all agree on minimum baseline security standards, e.g., NIST, ISO, Cyber Essentials, etc.
  2. Make cyber coverage mandatory for all government agencies and their suppliers.
  3. Enact legislation to make cyber insurance mandatory for large and SME, just like professional liability insurance coverage.

Proposed Pre-Incident Services Insurance Companies can provide in partnership with MSSPs:

  • Staff Training: This generally involves phishing-focused training. For larger businesses, training may also include scenario-based tabletop exercises with senior management.
  • Cyber risk rating services and vulnerability scanning: Rather than using these tools as part of an initial risk assessment, some insurers use them off cycle to monitor internet-facing IT infrastructure or provide organizations with direct access to them.
  • Threat intelligence services: These types of services might involve deep and dark web monitoring to identify specific mentions of an organization, or using claims incidents to create security alerts or identify trends.
  • Access to a virtual CISO: This provides organizations without a senior cyber security manager with access to expertise.
  • Password management solutions

Of course, there are issues involved with this plan, and they are detailed in the paper here: Cyber Insurance and the Cyber Security Challenge (rusi.org)