
How To Bridge The Cyber Insurance Gap

CISOs and insurance executives must unite and create more defined terminology and expectations for cyber insurance.

The information security and insurance businesses traditionally have worked in parallel with one another, but with the rise of high-profile security breaches the two industries are being forced to work more in concert.

A new study by the SANS Institute and insurance research group Advisen seeks to bring both groups together. The survey, commissioned by PivotPoint Risk Analytics, polled 203 IT security professionals and 194 insurance industry executives.

SANS/Advisen’s report found that for starters, a terminology gap exists between information security professionals and insurance providers on the definition of simple terms such as “risk” and “data breach.”

According to the survey, only 38% of respondents involved in the decision to purchase cyber insurance believe there’s a common language of cyber risk between themselves and their insurance representative, and 55% say they lack a common language with which to communicate about cyber insurance.

Barbara Filkins, the SANS senior analyst who headed the study for SANS, says it’s much more difficult to quantify coverage in cyber insurance.

“In a fire, there is a beginning, middle and end, and it’s something people can see,” Filkins says. With a cyber incident, it may take several months after malware infiltrates a network before a company experiences any negative impact, and even once security pros remediate the attack, the threat may still be lurking.

David K. Bradford, co-founder and chief strategy officer at Advisen, says the survey was an attempt to bring both industries together.

“While no authoritative group has emerged, what we’ve found is that more CISOs are attending the technology track sessions at our insurance conferences and more insurance executives are attending some of the more technical trade shows,” he says. “I think realistically, that’s how it’s going to develop for now.”

Filkins, Bradford, and PivotPoint CEO Julian Waits each weighed in on how security pros and insurance executives can more closely work together. Here are three ways:

1. Bridge the communication gap. Keep in mind that the first cyber insurance policies were written as recently as the 1990s, so it’s a new field. Today there are 61 companies that offer cyber insurance, but nobody defines terms in quite the same way. For example, one policy may cover a company for a data breach, while another will cover a network security wrongful act. Depending on the policy, those two terms may or may not mean the same thing; it’s not always clear. The University of Cambridge in the United Kingdom has been working on developing common terminology for cyber insurance, but nothing has been released, and what does emerge would mostly be recommendations, nothing binding.

Action item: CISOs must be more involved in helping define terms for cyber insurance as well as in selecting policies, and large companies need to get their corporate risk managers involved as well. The study found that while CISOs are involved in the cyber insurance process, 50% of decisions on cyber insurance were made by top management. But that may change as CISOs and other IT executives get more involved in the final decision-making process on cyber insurance.

2. Develop a baseline cyber insurance policy. The study found that the security investments made by companies do not always align with the criteria and priorities of underwriters. In fact, of the 26 policies examined by the University of Cambridge, no two policies had the same level of coverage. However, eight of the policies offered coverage for CEO fraud events, and the majority covered ransomware events.


Action item: CISOs need to consider the impact of their technology decisions on cyber insurance. Today, there’s no single baseline standard for what a policy should contain. CISOs must work more closely with underwriters to explain their requirements so the underwriters understand the impact of various security events.

3. Educate CISOs on the role of insurance. Only 14% of insurance brokers say that CISOs understand the value of insurance very well. And nearly 40% of the security pros surveyed by SANS say that they don’t understand the characteristics and limits of their company’s cyber insurance coverage.

Action item: Underwriters -- and especially brokers -- need to communicate effectively with CISOs on the role insurance plays following a cyber event. It’s here that brokers can be most effective. As the intermediaries between CISOs and corporate risk managers on one side and underwriters on the insurance side, brokers can educate each side on the needs of the other. Companies looking for cyber insurance should lean on their brokers, because brokers have the expertise on what the different policies actually cover.

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md.

9/1/2016 | 10:16:22 PM
The gap needs to be bridged indeed
Great article, and study, relating to one of the biggest impediments in allowing the insurance industry to achieve its risk engineering potential for cyber. Bridging the gap and fostering a collaborative relationship between insurers and CISOs can help the insurance industry do for cyber risk what it did for maritime and property risk.
7/18/2016 | 7:39:51 AM
Great post. Thanks for sharing it with us.