Also, is there a need for a stronger formal evaluation when bringing insureds on board?
Written by David Saric
Almost half of organizations responding to our fall survey have switched cyber insurance providers, but only a quarter of respondents said they underwent a thorough insurance company review when signing up.
Forty-eight percent (48%) of 706 IT and cybersecurity professionals surveyed by Recast Software and Ponemon Institute in 2023 said they changed their cyber insurance provider, primarily for the following reasons:
- Cancellation of insurance contract (25%)
- Cost (21%)
- Finding a company that offers better coverage and pricing (18%)
Additionally, only 25% of participants said they received a formal evaluation from an insurance company or broker when signing up.
“Brokers conduct these initial assessments through insightful but vague surveys,” said Will Teevan (pictured), CEO of Recast Software. “It is very difficult to quantify the extent to which insureds follow certain procedures.
“They might say they patch the OS when updates are available, but is that 100% or only 80%? The insured might say they have 100% control over the environment. Yes, but are brokers really sure of that?”
If the switch is not done consistently and client onboarding is not thorough, it can create difficulties in understanding the risk profile.
“I don't think that's good for anyone,” Teevan said. “No one has a clear understanding of what the real risks are when things are constantly changing.”
“I think we'll see a more programmatic approach by brokers and insurers,” he said. “They will be able to leverage management systems and capture data with existing tools, but new technology will allow them to access and assess the insured's environment.
“You'll be able to see how good your cyber posture is, not just through surveys. As things get bigger and bigger, I think brokers and insurers will become more and more capable.”
Cybersecurity silos
Companies are strengthening their internal cybersecurity postures to thwart threat actors, but in some cases, this can leave security and systems administration teams isolated from each other.
“There are definitely silos out there and we need to break them down and support each other,” Teevan said.
Taking a siloed approach can risk creating friction between the two parties, rather than fostering a more collaborative spirit.
“Security teams have big budgets, many tools, and a lot of influence within the organization,” Teevan says. “However, security teams are very focused on alerting and monitoring through penetration testing and raising the alarm that there may be potential vulnerabilities as CVEs (common vulnerabilities and exposures) are uncovered.”
Those working in system administration, who do the more tactical work of remediating or eliminating these potential breaches, often do not have enough budget or resources to be more proactive when threats come in.
“Tactical teams managing users and devices need to be more proactive and focus more on giving them the tools they need to get ahead of problems, rather than waiting for security teams to respond,” Teevan said. “Security teams are tasked with creating an environment where businesses can reduce risk by preventing it and putting limits in place to prevent it from happening.
“And then there's another team called systems management, which is tasked with making sure the entire organization can get its work done.”