By Chris Bowen, Chief Privacy & Security Officer & Founder, ClearDATA
Twitter: @cleardatacloud
At the beginning of this year I said I would do a series of blog posts for CISOs and Privacy/Security Officers. Here was the first installment in that series: Building Habits for CISO and Security Officer Success.
Today, I am adding the second installment and giving you direct access to a video I recently recorded: A CISO’s Cautions When Cyber Insurance Shopping. As you know all too well, healthcare is under attack and the threats are constantly evolving. This makes procuring policies that protect your organization a challenge.
The last thing any security officer wants to hear is that you’ve had an incident and your insurance doesn’t cover you. Buying cyber insurance is a complicated and often arduous task, but like so much of our work, it’s one we have to get right the first time.
So, I’m offering advice for your consideration based on what I’ve learned over the years renegotiating these policies every single year.
The most important thing to understand is that your role plays a huge part in managing the risk in your organization. From a cyber perspective, you decide which risks you accept, which you remediate, which you avoid and which you transfer. In the video, I will help you determine if you’re transferring your risk the right way. You’ll gain insights into how and when to use cyber security insurance, and you’ll also understand the role this plays in your critically important security incident run book.
To be clear, I don’t sell cyber security insurance and I’m not recommending anyone who does. I’m just sharing some pointers for you to procure and negotiate your policy. Learn what costs are typically covered and where you might be left with gaps. I’ll also share some important recent examples from real-world scenarios, including the North Korea attack on Sony over the release of a movie that mocked their leader, and an example from London where the coverage a company had wasn’t what they thought.
Let’s all up our game and our defenses to be sure we CISOs and Privacy/Security Officers are protecting our organizations to the highest degree possible.
This article was originally published on ClearDATA and is republished here with permission.