An east coast bank, The National Bank of Blacksburg,
Brian Krebs has the detailed story on the bank's insurance policy that had two riders to protect it against
3 considerations if you're looking at cyber insurance
We've been hearing about this very concern from leaders at our SecureWorld cybersecurity conferences around the continent. Many leaders are afraid insurers will try to wiggle out of paying after a cyber incident.
Despite that, demand for cyber insurance is growing, because an increasing number of boards see cyber as a "new" business risk that they must protect against.
We had a chance to speak with U.S. Bank CISO Jason Witty about his experience with cyber insurance after his keynote at SecureWorld Twin Cities. Like most in the financial sector, U.S. Bank has cyber insurance.
Here are three things to prepare for if you’re thinking of getting a cyber policy.
1. Ask what the evaluation process is like
“The underwriting process varies greatly by
2. Make sure you understand your commitment
“You need to understand your responsibility to the insurer when you are buying this policy because you are committing that you have a certain level of controls and a baseline of best practices,” Witty says.
3. Understand exclusions
“It’s a tricky one because the actuarial data is not all there. There are some exclusions. You really need to understand your policy,” he says.
And the battle over what is excluded (or not) is what the lawsuit that prompted this story is all about.
[Additional resource: Cybersecurity attorney Shawn Tuma in a SecureWorld story, 4 Key Cyber Insurance takeaways form