Better Risk Assessment for Cyber Insurance: How Will We Get There?

RSA Conference
7 Jun 202350:25

Summary

TLDREric Skinner from Trend Micro and Theresa Le, Chief Claims Officer at Cowbell Cyber, discuss the evolving cyber insurance market's approach to risk assessment amidst rising cyber threats. They highlight the importance of continuous assessment, the impact of ransomware, and the need for better security practices like EDR and MFA. The talk emphasizes the role of insurers in fostering security resilience and the potential for policy pricing to reflect an organization's risk management efforts.

Takeaways

  • 😀 The cybersecurity landscape has been chaotic, with the cyber insurance market evolving to better assess risk in response to turbulent years.
  • 🛡️ Eric Skinner from Trend Micro and Theresa Le from Cowbell Cyber discussed the importance of cybersecurity and how the insurance industry is adapting to foster better practices and risk mitigation.
  • 📈 Cyber insurance has seen significant changes, including increased difficulty in obtaining policies and higher rates due to a rise in severe claims and ransomware incidents.
  • 💡 The insurance industry has historically driven the adoption of safety measures, such as seatbelts and carbon monoxide detectors, and aims to do the same for cybersecurity practices.
  • 📚 Theresa highlighted the limitations of traditional cyber insurance questionnaires in accurately assessing an organization's risk posture, emphasizing the need for more dynamic and continuous assessment methods.
  • 🔒 Eric emphasized the importance of having proper security controls in place, such as EDR and MFA, noting that their absence can lead to immediate rejection by insurers.
  • 📉 Despite an uptick in ransomware severity, there has been a momentary decline attributed to companies becoming more resilient with better incident response plans and backup strategies.
  • 🤖 The use of AI, such as chat GPT, is aiding attackers in creating more convincing phishing and BEC emails, making it increasingly difficult for employees to detect threats.
  • 💻 Attack surface management is emerging as a key strategy for organizations to continuously discover and assess their assets, misconfigurations, and vulnerabilities, helping prioritize mitigation efforts.
  • 🔑 Continuous assessment by cyber insurance providers, using telemetry from various sources, allows for more accurate risk evaluation and personalized policy offerings, potentially leading to better terms for policyholders.
  • 🔮 Looking forward, the panel predicts that ransomware and extortion tactics will continue to evolve, emphasizing the need for ongoing vigilance, improved data science for threat detection, and the mainstream adoption of cybersecurity best practices.

Q & A

  • What is the main focus of the discussion between Eric Skinner and Theresa Le?

    -The main focus of the discussion is the evolution of the cyber insurance market and how it is getting better at assessing risk in the context of a chaotic few years in cybersecurity.

  • What is Trend Micro's current focus in cybersecurity?

    -Trend Micro is currently focusing on areas like Extended Detection and Response (XDR), attack surface management, and cloud security.

  • What is Cowbell Cyber and what role does Theresa Le hold there?

    -Cowbell Cyber is a cyber insurance provider in the InsureTech space, and Theresa Le is the Chief Claims Officer at Cowbell Cyber.

  • How has the cyber insurance landscape changed in recent years?

    -The cyber insurance landscape has changed significantly with increased claims due to severe breaches and ransomware attacks, leading to higher rates and more difficulty in obtaining cyber insurance.

  • Why is the insurance industry interested in promoting best practices and risk mitigation?

    -The insurance industry is interested in promoting best practices and risk mitigation to foster adoption of safer measures, reduce the frequency and severity of claims, and maintain a sustainable business model.

  • What are some of the challenges faced by the cyber insurance industry in assessing risks?

    -Some challenges include the dynamic nature of cyber risks, the outdated nature of questionnaires used for risk assessment, and the difficulty in capturing the real-time state of an organization's cybersecurity posture.

  • What is the impact of ransomware on small to medium-sized enterprises?

    -Ransomware has a significant financial impact on small to medium-sized enterprises, with an average impact of half a million dollars to an organization.

  • How do attackers use AI and machine learning to improve their phishing and BEC attacks?

    -Attackers use AI and machine learning tools like Chat GPT to write more convincing phishing and BEC emails in various languages, making it harder for employees to recognize these threats.

  • What is the significance of continuous assessment in the context of cyber insurance?

    -Continuous assessment allows cyber insurance providers to collect real-time data on an organization's security posture, enabling more accurate risk assessment and the ability to offer tailored insurance products and services.

  • What are some of the emerging trends in the cyber insurance industry?

    -Emerging trends include the use of data science for better risk assessment, continuous monitoring of policyholder's security posture, and a shift towards a more collaborative relationship between insurers and policyholders to improve cybersecurity practices.

  • What advice do Eric and Theresa give to organizations preparing for cyber insurance renewal or application?

    -They advise organizations to start early, work closely with brokers and insurers to understand their requirements, and consider implementing attack surface management to get ahead of the assessment process.

Outlines

plate

このセクションは有料ユーザー限定です。 アクセスするには、アップグレードをお願いします。

今すぐアップグレード

Mindmap

plate

このセクションは有料ユーザー限定です。 アクセスするには、アップグレードをお願いします。

今すぐアップグレード

Keywords

plate

このセクションは有料ユーザー限定です。 アクセスするには、アップグレードをお願いします。

今すぐアップグレード

Highlights

plate

このセクションは有料ユーザー限定です。 アクセスするには、アップグレードをお願いします。

今すぐアップグレード

Transcripts

plate

このセクションは有料ユーザー限定です。 アクセスするには、アップグレードをお願いします。

今すぐアップグレード
Rate This

5.0 / 5 (0 votes)

関連タグ
Cyber InsuranceRisk AssessmentCybersecurityTrend MicroCowbell CyberAttack SurfaceData BreachesRansomwareIncident ResponseInsurance RenewalSecurity Controls
英語で要約が必要ですか?