Cyber Security Insurance – 8 coverage options to plan for.
In this episode I talk with John Milano, SR VP of RCMD. I ask him questions on his cyber security insurance business and what an IT Leader needs to be asking from their insurance carrier. We cover every conceivable topic and situation. In addition he has suggested questions that all CIOs and IT and business leaders need to be asking. We discuss limits of coverage and how to buy the best appropriate policy for your business.
If you are an IT Business Leader and want the latest Cyber Insurance information related to:
Security & Privacy Liability, Media Content, Regulatory Acts Coverage, Breach Response Fund,Legal & Forensic Expenses, Cyber Extortion, DDOS and Business Interruption, Business Interruption, Crisis Fund then listen below.
- Listen on iTunes (for iPhones etc)
- Listen to it on Stitcher (This is for Android Phone Users. Download the Stitcher app)
- Stream it on Libsyn
- Listen to it on Soundcloud (This is for listening via PC/Mac Browser)
- Please subscribe here to Bill Murphy’s Redzone Podcast on iTunes.
- Subscribe to my RSS Feed here.
If you enjoy the show, you can help us out by leaving a review on iTunes. Here’s How!
Some of the questions we covered:
- How is cyber insurance (CI) landscape changing
- Is Cyber Ins (CI) changing as fast as IT Security?
- How is data being moved to the cloud impacting Cyber insurance?
- If a company is multi-national how does this impact CI ?
- What about state by state limits?
- What elements of insurance policies should be examined to see what is included?
- Not all insurance companies play in the Cyber Risk area…..right?
- What does RCMD bring to the table that buyers should know about?
- What IT security does a company need to qualify in order to buy cyber insurance?
- What are the different flavors? Technical E&O, cyber theft, cyber attack/business interruption, data leak/breach, downstream/3rd party attack damage.
- How do CIO’s prepare for cyber insurance? When its time to make the insurance company pay out, how do CIO’s show due diligence.
Sample Coverages under a Cyber Liability Policy
- Security & Privacy Liability
- Media Content
- Regulatory Acts Coverage
- Breach Response Fund
- Legal & Forensic Expenses
- Cyber Extortion
- Business Interruption
- Crisis Fund
Show Notes for Episode 3
- How do Insurance Carriers assess Risk? [3:34]
- How do Insurance Carriers assess risk which is in the Cloud and data housed in different locations? [5:50]
- What risk identifiers do Insurance Carriers look at, and what does the CIO need to be aware of? [8:10]
- How can insurance help when companies suffer breaches.[11:03]
- Should insurance be a part of BCP -table top planning. [13:59]
- When a breach happens, what would you need to be aware of that would negate your Cyber insurance? [15:12]
- If you move part of your data into a cloud service provider, will it abdicate the customer from responsibility for the security of their data[18:03]
- Data owner is responsible for mis-management of data. [19:00]
- If data breach is in a different location to where client is based, what would happen, and who would it impact? [19:31]
- What are the different types of policy you should be asking for? [21:39]
- What do you need to understand in terms of regulatory policy and what is being qualified. [23:15]
- Upon breach, would the insurance policy help with expenses and costs of notification, credit monitoring, PR & forensics? Can this be put outside your liability limit? [23:41]
- What policies would help with additional forensics [26:20]
- In the Sony Hack they were asked to pay an extortion fee. How do policies deal with cyber extortion? Network Interruption? [27:56]
- What questions should a CIO ask? [29:55]
- Are Insurance carriers covering the difference between how data is moved – through different virtualisation methods BYOD [32:04]
- How do carriers look at HIIPA, PCI regulations? [34:18]
- How can a CIO get counsel in purchasing insurance? [36:23]
- How does coverage help you if you have already been breached and it was undetected, or unknown at the time of purchasing insurance. Assumption of Breach [39:26]
- Do you have to do an assessment before? [42:00]
To participate in discussions about these topics and others join our CIO Group on LinkedIn
Bill is dedicated to your success as an IT Business Leader. Sign up/Subscribe for weekly podcast, CIO Mastermind and CISO Mastermind updates delivered to your inbox easily and effortlessly: Follow Bill on LinkedIn and Twitter.
Leave a podcast review here