Most CISOs can't get the cyber coverage they need – report

Most CISOs can't get the cyber coverage they need – report | Insurance Business

Most CISOs can

The vast majority of chief information security officers report being unable to get the cyber coverage they need, according to a new study by Arceo.

Seventy-seven per cent (77%) of CISOs responding to the study identified incidents that they felt needed cyber coverage, but reported being unable to get it, Arceo said. In addition, 96% of CISOs surveyed wanted additional coverage for increased vulnerabilities resulting from the surge in remote work.

“This means almost every CISO out there is worried – likely because the security practices followed when working remotely are more lax than those followed in the office, leading to a higher risk of attack,” Mike Convertino, CSO at Arceo and former CISO of Twitter, wrote in a report. “In fact, over 40% of CISOs identified that cloud usage (49%), personal devices usage (45%), and unvetted apps or platforms (41%) posed the biggest threats during this work from home period.”

In addition, 88% of CISOs said they weren’t completely satisfied with the performance of their company’s primary insurance brokerage, and 98% said they wanted additional support from their primary cyber insurance provider after a serious incident. Forty-eight per cent (48%) said they had experienced a security breach in the past.

“Now more than ever it seems CISOs tend to be more concerned about disruption to continuity, which is a greater risk as staff work at home,” Convertino wrote. “More than half of CISOs want cyber insurance to cover business email compromise (56%), loss of electronic data (55%), cyber extortion (53%), and ransomware (52%).”