Everyone benefits (the CISO, the company, and the insurer) when CISOs are included in cyber insurance negotiations.
Generally speaking, negotiating cyber insurance policies falls to the general counsel, chief financial officer, or chief operations officer. Having the CISO at the table when negotiating with insurance companies is a best practice for ensuring that insurers understand not only which security controls are in place, but also why the controls are configured the way they are and what the organization’s strategy is.
CISO at the Table
While CISOs often are included in cyber insurance discussions at large companies, small and some midsize organizations might not have a corporate CISO position and are thus at a disadvantage, especially if there is an insurance claim.
As a best practice, a CISO would take as many steps as possible to engage with the claim adjuster and, if counsel for the carrier is involved, to discuss the proposed courses of action and ideally obtain a hard yes, an affirmative answer, to the proposed course of action.
Without a CISO in place, organizations have non-technologists addressing technical cybersecurity issues, potentially putting the client at risk. Because cyber insurance is a risk transference function, organizations need a strong CISO in front of the board and executive teams, explaining the importance of the issues that the carriers have presented.
Filling out cybersecurity insurance applications alone is no small task. Think about having to work through a Ransomware Supplemental application that is 14 pages, with many of the questions requiring a significant amount of technical expertise. Failing to answer questions correctly could see a claim denied for providing misinformation or even the organization being sued by the insurance carrier.
The general counsel or chief financial officer oftentimes is the decision maker for insurance, but when you're talking about the actual representations that are being put together for an application, you should have folks who are technically experienced engaged in the conversation, so there’s not a material misrepresentation from the organization to the insurer, which, again, could cause a denial of claim.
Having a CISO-level resource involved is critically important!
Goliath Cyber – Executive Cyber Advisory Service provides organizations with access to experienced security executives who can assist in the design, implementation, and ongoing oversight of framework-based security programs.
The scope of these services can be narrow or broad depending on your business need, addressing the needs of a specific project or process, or addressing your macro security environment. So whether the need is to securely integrate a new acquisition, select and implement new security technology, work with Cyber insurance requirements/claims, or facilitate the modernization of your company’s security posture, we can help.
With our expertise and experience, we assist our clients efficiently and flexibly in the planning and implementation of their security programs.
When it comes to getting actual Cyber Insurance, we have partnered with Coverdash. From our site you can source the Cyber Insurance your business needs at the most affordable rates. Insurance is complicated, and by partnering, Goliath Cyber and Coverdash make it simple, ensuring you have the protections and coverage needed!