On May 24, 2016, Tenable hosted a panel webinar, "Five Things Every CISO Must Understand about Cyber Insurance Coverage." Our panel of experts included:
- Ben Beeson: Senior Vice President, Lockton Companies
- Matthew Prevost: Vice President, North American Financial Lines, Chubb
- Matthew Perry: Global Manager, Information and Cyber Security, First Solar
- Craig Shumard: former CISO with Cigna; now Principal, Shumard & Associates
The session explored the reasons why companies are investing in cyber insurance, what’s covered, when and how CISOs should get involved, how CISOs influence coverage decisions and costs, the impact of security best practices, and how insurers may ultimately help insured enterprises lower risk over time.
How does Tenable impact cyber insurance coverage?
When businesses invest in cyber insurance, they go through an underwriting process. CISOs play an important role in underwriting by briefing the underwriter about what they’re doing to protect the business.
Among other things, they must be able to adequately describe how they assess and maintain conformance with administrative, technical, and physical controls. The NIST Cybersecurity Framework is increasingly being cited by insurers and industry experts for its value in reducing cyber risk by providing a sound framework for assessing an organization’s overall cyber hygiene.
Tenable provides CISOs with a uniquely effective way to measure, visualize, and communicate strong and comprehensive conformance with technical security controls. This includes NIST CSF conformance, where we can automate the assessment of over 90% of the technical controls and provide extensive reporting capabilities that give a CISO the information needed to brief insurance underwriters, as well as collaborate and communicate with peer executives, boards of directors, and members of the security team.
By effectively implementing a security framework, you’re better equipped to meet due-care standards, continually identify security gaps, efficiently comply with multiple compliance requirements, and communicate business risk to executives. And, as one of our speakers noted, within the next year, there will likely be a linkage between your effective use of controls and the price you pay for cyber coverage.
If you’re an information security leader looking for insights about your role in cyber insurance procurement, check out the on-demand version of our webinar. We also encourage you to visit our NIST Cybersecurity Framework page to find out more about our solutions for NIST CSF conformance and security framework adoption, along with a short video and links to other resources.