13 Ninja CIO Questions to Ask Your Cyber Security Insurance Carrier


Even Samurai used Ninjas to do their dirty work for them. Ninjas were secretive and operated in stealth. They were feared.

A Samurai would face his enemy boldly in battle. Ninjas were employed by Samurai to do their dirty work, fighting and assassination in stealth.

You, as the Samurai of your company, need to dig deep into non-traditional fighting techniques…

Is Cyber Security Insurance an Option?

The enemy operates in stealth, for the most part under the anonymity of the internet. You continue to manage traditional lines of defense that include employee training, proper IT security gear and equipment, funding, processes, etc. However, the enemy is winning the battle (at this point), so what are the options?

How fast is the Cyber Insurance Market growing?

At AON PLC, the London-based firm that is the world’s largest reinsurance broker, Kevin Kalinich, AON’s Global Practice Leader for Cyber Risk, says that data from the company’s Global Risk Insight Platform (GRIP) – a repository of insurance placement data – shows the cyber insurance market growing at 38% annually. That is about twice the rate, measured by market sales, of the next fastest growing market that AON tracks, according to Kalinich.

Is Cyber Security Insurance foolish?

I think all available tools need to be examined to mitigate risk. Insurance is an option. However, you want to hit these carriers with hard-core questions. The nature of boundary-less computing (country, nation, and state), mobility and Cloud needs to be examined very closely.

Here are the questions I have compiled:

  • How is the cyber insurance (CI) landscape changing?
  • Is cyber insurance (CI) changing/adapting as fast as IT security is evolving?
  • How is moving data to the cloud impacting cyber insurance?
  • If a company is multinational, how does this impact cyber insurance?
  • What about state by state limits?
  • Is IT Security Insurance more about Disaster Recovery than anything else?
  • What elements of insurance policies should be examined to see what is included?
  • Not all insurance companies play in the cyber risk area, right? What qualifies them to enter this territory?
  • What does XYZ insurance carrier bring to the table that buyers should know about?
  • What IT security profile does a company need in order to qualify to buy cyber insurance? Is there a framework or an assessment guideline the carrier will need in order to gauge the level of risk that is being transferred to the carrier?
  • What are the different flavors? Technical E&O, cyber theft, cyber attack/business interruption, data leak/breach, downstream/3rd party attack damage?
  • How do CIOs prepare for a cyber insurance payout? When it’s time to make the insurance company pay out, how would a CIO show due diligence?
  • What are the triggers to your Policy? What are the terms and conditions, and which terms act as a trigger to the policies being purchased?

These are my questions. What are yours?

Bill Murphy is a world-renowned IT Security Expert. You can find him online at RedZone Technologies. He welcomes your comments and feedback below. You may also email him at billm@redzonetech.net.