The Shifting Dynamics of Cyber Insurance
Erik Decker of Intermountain Healthcare on Cyber Insurance Renewal Strategies
The cyber insurance landscape has evolved significantly over the last 10 to 15 years. Initially, renewals were relatively straightforward, but with the rise of cyberthreats such as ransomware, the market has shifted dramatically. Cyber insurance renewals now involve more extensive assessments and increased costs due to the heightened risks.
Erik Decker, vice president and CISO of Intermountain Healthcare, outlined five critical controls that cyber insurance providers look for when assessing an organization's eligibility for coverage: endpoint detection and response capabilities, multifactor authentication, tested backup maintenance, privileged account management, and email and web filtering protection.
Decker emphasized the value of presenting a strong case for cyber insurance renewal to underwriters. "If you're a good risk, they might want to compete for the primary role, or they might want to go lower, so they get a better price per million cost on that. They might want to take extra capacity," he said. "For larger organizations, it's common to see $5 million, but maybe you get it down to $1 million or somewhere around there, and that helps you reduce your deductible."
In this video interview with Information Security Media Group at Black Hat USA 2023, Decker also discussed:
- Understanding your security program;
- Extracting extra value from insurers by having a well-established cybersecurity program;
- Questions security leaders need to ask themselves before renewal time.
Decker has expertise in security governance and policy, risk assessment and mitigation, security leadership, and incident response. Prior to Intermountain Health, he served as assistant director of information security at Columbia University Medical Center.