cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Flyslinger2
Community Champion

Risk transference via Cyber Insurance - Be careful

It looks like one of the major options that we heard touted in the CBK may not be all that advantageous.  I don't think it will improve as more data is gather regarding cyber incidents. It will be very hard to predict where the next issue will come from.

3 Replies
ro83
Newcomer III

Some years ago there was a really good Mac vs PC ad to impress this type of budgeting https://www.youtube.com/watch?v=sWLfEVGwjrA so nothing new under the sun.

rslade
Influencer II

> Flyslinger2 (Contributor II) posted a new topic in Industry News on 12-04-2018 09:51 AM in the (ISC)² Community :

> It looks like one of the major options that we heard touted in the CBK may
> not be all that advantageous.  I don't think it will improve as more data
> is gather regarding cyber incidents. It will be very hard to predict where
> the next issue will come from.

I first heard about computer/cyber insurance about three decades ago. I thought it
was a highly questionable (read "bad") idea then, and I haven't seen any
improvement since.

You've heard the saying about if you know the difference between good advice and
bad advice then you don't need any advice? Well, pretty much the same with
cyber insurance. People seem to think they can buy cyber insurance instead of
doing risk assessments. If you don't know the risks, you *definitely* don't know
how much benefit you are getting out of insurance in regard to the costs you are
paying.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
One of the advantages of being disorderly is that one is
constantly making exciting discoveries. - A. A. Milne
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Caute_cautim
Community Champion

From our experience in little New Zealand; many of the 95% Small to Medium Enterprises, regularly use cyber insurance as a means of mitigating the initial shock horror to cover the costs.   But then the the major cyber insurance providers then hit them subsequently with ISO 27001 and audits to compensate with higher premiums, if they do not comply to requests.  

 

There is a notion going around about placing liability on vendors as well - not sure how far that is going to go at the present time. 

 

regards

 

Caute_cautim