Featuring SANS Institute and Advisen
Organizations of all sizes are rushing to adopt cyber insurance, a trend accelerated by SEC guidance to executive management and boards of directors of public companies. Yet in one of the key findings of this survey, only 48% of the CISOs and other information security (InfoSec) professionals surveyed find cyber insurance at least “adequate” when addressing the consequence of a data breach. This research specifically uncovered the potential sources of friction and gaps between the InfoSec and insurance communities:
- The Terminology Gap
- The Assessment Gap
- The Communication Gap
- The Investment Gap
A roadmap to bridge these gaps is offered by the panel. One key observation: We need a common definition that expresses cyber risk as financial exposure – the amount of money an organization could potentially lose to cyber-attacks over a specific period of time.