Why is Cyber Insurance so deeply misunderstood?
Every day I come across another article, another blog post or news item that makes one idea abundantly clear: only a small percentage of the population understands what cyber insurance does, how it works and how to effectively buy and employ it. While I won’t get into the weeds, a major step to understanding cyber insurance is to view it as the final layer in a “defense in depth” (DiD) strategy.
The SANS Institute, a well-known and trusted source in the cybersecurity industry, defines DiD as the concept of protecting a computer network with a series of defensive mechanisms such that if one mechanism fails, another will already be in place to thwart the attack – a similar function to the walls of a castle.
The Layer 8 Security team believes in the Defense in Depth Strategy, encompassing a well-developed Information Security Program, employing all requisite technical security services and, finally, setting in place cyber insurance as the final layer of protection. We urge every Company to fully explore this process.
I recently came across a good video clip on LinkedIn about this concept, and share it here for your convenience.
I like how the speaker explains why Companies that believe cyber insurance is a stand-alone defense are deeply mistaken. He does a nice job, and I won’t belabor the point. I will, however, add a significant follow-up point: It’s nice to find someone who knows what they are talking about.
We at Layer 8 Security are proud to have cultivated a network of intelligent, well-trained and well-spoken professionals in our arena. In upcoming weeks, I’ll highlight a few of them.
It’s sad to say, but most insurance brokers have a very limited understanding of the cyber insurance marketplace. When you need to buy (or review your existing) cyber insurance, it’s critical that you work with someone who understands the intricacies of the policies, who understands what language can be negotiated (and what language cannot), and what clauses can be modified, added and/or deleted.
On the other end of the process, when you have a cyber claim that your insurance company rejects, you need qualified attorneys who have studied the field and understand all the angles.
As your cyber subject matter expert (SME), we’re here to advise you on all the layers of a well-developed, DiD-forward Risk Management Program. Whatever you need in our field, we can either do it ourselves or guide you to a knowledgeable SME who specializes therein. Either way, we’ve got you covered.