1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Confusion over cyber insurance leads to coverage gaps

Discussion in 'CSO' started by RSS, Jul 8, 2016.

  1. RSS

    RSS New Member Member

    Assessing damage after a major cybersecurity breach is one of the most harrowing things a CIO or CISO can face. There is plenty of blame to go around but rarely enough people to accept it evenly. And when it comes to recouping money from cyber insurance claims, this blame game is further complicated by confusion.

    A typical corporate cyber insurance discussion goes like this: The CEO or board chairman calls the CISO into the room and tells him that their insurers is going to pay out only 38 percent of a claim because "you didn't implement encryption on the affected applications."

    The CISO says: "First, I didn't know we had cyber insurance. Second, the impacted apps are running our ATM machines and if we would have encrypted them you would have fired me because our customers wouldn't have been able to access them. I wish you would have talked to me before you implemented these policies."

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page