Cyber Insurance , Governance & Risk Management , Video
How Cyber Insurers Evaluate Security Measures
Tokio Marine HCC's Keith Bergin on Cybersecurity Measures for Insurance EligibilityFaced with a changing threat landscape, cyber insurers are increasingly focusing on assessing a company's security measures before issuing a policy. The deployment of multifactor authentication is a primary focus, said Keith Bergin, vice president of corporate claims at Tokio Marine HCC. Other key areas for risk assessment include administrative access control and patch management.
See Also: Cloud Security and Developers: Role of Zero Standing Privilege
These security measures are foundational for organizations of all sizes, from SMBs to Fortune 50 companies, Bergin said. He stressed the importance of assessing the insurance provider's capabilities and experience in handling cyber-related claims and prioritizing preparedness and resilience in the event of a breach.
For insurers, it is important to do a risk assessment to identify the "barrier to entry to insurance." "When we're assessing that risk, if you tip the scales too far in the wrong direction, we're not going to be able to provide a quote," he said. "So those are some of the base-level things that we look for just to be able to become partners and offer a policy."
In this video interview with Information Security Media Group at ISMG's North America Midwest Summit, Bergin also discussed:
- The role cyber insurers play in providing threat intelligence and pre-breach mitigation services;
- How CSOs can leverage insurance carriers to save on security technology;
- The role of technical debt in risk assessment.
Bergin has more than 15 years of experience across the property and casualty domain. He is experienced in building, structuring and establishing industry best practices and educating policyholders in understanding organizational risks.