The financial risks to organizations from data breaches come from a variety of angles, from share price hits to class action lawsuits to fines from regulators to reputational damage. As such, the insurance industry has jumped full steam into cyber. Larger insurers are already helping companies spot and mitigate weaknesses as part of their coverage, as well as helping post-incident with response and remediation. But how often are CISOs involved in the cyber insurance decision-making process? Not often enough.
CISOs have historically not been too keen to see money invested in risk-transfer protections; instead, they'd rather see that money spent on security. So, how and should their perspectives about cyber insurance change?