CISOs must be part of cyber insurance procurement

Information security officers could help improve cyber risk management, experts say


By Allie Sanchez

As the insurance industry tries to get a handle on cyber risk, the enterprise chief information security officer (CISO) must be involved in its procurement, a report said.

David K. Bradford, co-founder and chief strategy officer at insurance analytics firm Advisen, said that the CISO needs to be involved in the early stages of procurement to help map exposures and work with the risk manager to understand what those exposures are. That knowledge, he said, lets the risk manager explain the risk to the brokers, who in turn are able to match it with the insurers to provide the appropriate coverage.

Consulting firm PricewaterhouseCoopers estimates that cyber insurance premiums can be expected to grow to $5 billion annually in 2018 and $7.5 billion by 2020. Still, gaps in the proper provision of insurance exist and continue to hinder its adoption among enterprises.

Information security company SANS analyst Barbara Filkins breaks down the gaps as follows:
  1. Terminology gap: there is a lack of a common fundamental definition of the concept of "risk" among insurers and their clients.
  2. Assessment gap: insurers and CISOs have different preferences over the use of qualitative versus quantitative metrics.
  3. Communication gap: there is a general divide between insurers and CISOs.
  4. Investment gap: there is a need for increased transparency in underwriting criteria so the enterprise can better align its investment to cover its cyber risk.
