Collective Intelligence Podcast, Cyber Insurance for CISOs
By Mike Mimoso
Cyber insurance and software liability have been hovering over the security industry for the better part of two decades but have decidedly failed to kick down the door and become mainstream.
That dynamic may be changing, however. A short track of talks was held last week during the annual Black Hat conference, where insurance underwriters, providers, and risk management professionals brought a common understanding of cyber insurance and how it works, its value proposition, what products are available to buyers, a snapshot of claim costs, and market intelligence.
In this episode of the Collective Intelligence Podcast, Jeffrey L. Smith, founder of Cyber Risk Underwriters, a specialty provider of cyber insurance and related products, discusses the state of the industry and why the time may be right for cyber insurance to finally become part of a business’s standard insurance portfolio.
Smith, a 25-year veteran of the insurance industry, has been coming to Black Hat for a few years and has wisely connected with security experts such as Jeremiah Grossman and Robert “RSnake” Hansen, not only for their experience and knowledge, but also to help smooth over a perception barrier: insurance agents attempting to sell a new segment of their market were unable to explain exposures to CFOs and other buyers inside the enterprise.
Those barriers appear to have lowered; last week at Black Hat, the third annual Cyber Insurance and Warranty Geek breakfast attracted several hundred security professionals, up from 40 CISOs and vendors during the first one in 2017.
“It’s interesting how the tone has changed,” Smith said. “The first year, they were kinda looking at me like I was ill and contagious. Last year I noticed people were asking questions. And this year, we had several hundred people sit with us to talk about insurance.”
Smith attributes that growth to a rash of headline-grabbing attacks, in particular ransomware outbreaks against municipalities that are forcing leaders into difficult decisions. Those leaders, Smith said, are asking pointed questions about how cyber insurance can help mitigate some of the risk they face in these situations.
Smith also describes what cyber insurance products look like for buyers, some of the services that are available, and the opportunity for managed security services providers (MSSPs) to sell insurance in much the same way travel agents sell insurance to travelers.
The Collective Intelligence Podcast, presented by Flashpoint and hosted by Editorial Director Mike Mimoso, features regular interviews with a diverse set of industry experts and Flashpoint analysts on the latest information security news and industry trends.