Gaps Identified; Building Blocks to Understanding Outlined
The fast-growing cyber security insurance market could triple in size by the end of the decade, despite communication problems that often make it difficult for information security and insurance professionals to work together. The communications gap is so wide that only 30% of underwriters and 38% of InfoSec respondents believe they even speak the same language, according to the results of the SANS Cyber Insurance Survey, conducted in conjunction with Advisen, Ltd. and sponsored by PivotPoint Risk Analytics, to be released by SANS Institute on June 21.
“As cyber insurance becomes part of more organizations’ cyber resilience strategies, information security professionals and risk managers must take a holistic view of cyber security, and they must have a common framework for working with insurance brokers and underwriters. Today they don’t,” said Julian Waits, CEO, PivotPoint Risk Analytics.
Despite the need to work closely together on policies, the survey showed that the two groups don’t share a common definition of a concept as fundamental as “risk.” “Closing those gaps in terminology, assessment, communication and investment will move us closer to being able to achieve that goal,” saysBarbara Filkins, SANS Analyst and author of the survey.
The whole field is so new and the threat environment changes so quickly that it is difficult for insurers to determine which risks pose a significant threat to a specific customer. “Legal terminology is also so new and amorphous that it is difficult to know what protections the language of an insurance policy actually provides,” according to Ben Wright, a SANS senior instructor, author and practicing attorney who contributed to the report.
Both sides are working to resolve those gaps and uncertainties, Waits said. “This research provides a clear understanding of the gaps, and is an important step toward building a bridge.”
This collaborative effort of SANS, PivotPoint Risk Analytics and Advisen identifies the gaps inhibiting the communities from working together effectively and provides the building blocks needed to reduce the risk of financial loss associated with cyber incidents.
“The cyber insurance market is growing rapidly, and organizations of all types and sizes now purchasing cyber insurance. Consequently, information security professionals and cyber insurance brokers and underwriters are interacting more frequently. We at Advisen are delighted to work with PivotPoint and the SANS Institute to help understand how these interactions can be more productive,” said David K. Bradford, co-founder and chief strategy officer, Advisen Ltd.
Full results of the survey will be shared during a June 21 webcast at 1 PM EDT
Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst Barbara Filkins with contributions by Ben Wright and David Bradford.