The Intersection of Third Party Risk and Insurance

A Q&A with Matthew Cherian of BitSight
Third party data security risk continues to grow and even mature enterprises struggle to contain this unwieldy challenge. For cyber insurers, it’s becoming increasingly urgent to find better tools for assessing third party vendor risk when underwriting for a policy. To learn more about why and how this should be done, I spoke with Matthew Cherian, Vice President of Strategic Partnerships of BitSight. 

Protecting Executives from Compromise

A Q&A with Chris Pierson, CEO of BLACKCLOAK
Increasingly, cyber criminals target corporate executives and high net worth individuals not inside their well protected work environments, but at home, where they are most vulnerable. We spoke with Dr. Chris Pierson, CEO of BLACKCLOAK about the risks organizations face, and how they can better defend targeted individuals against bad actors.

Cyber Risk and the Construction Industry

A Q&A with Douglas Clare of FICO
A joint effort between FICO and the U.S. Chamber of Commerce, the Assessment of Business Cybersecurity (ABC) offers a benchmark for analyzing the security readiness of American business against cyber attack. When the first quarterly installment was released in late 2018, the construction industry scored highest among the reviewed industries, demonstrating the least amount of cyber risk. We spoke to Douglas Clare, Vice President of Cyber Security Solutions at FICO, about why this industry stands out but also why more can be done to protect it.

Quantifying Cyber Risk

A Q&A with Peter Armstrong of Munich Re and Julie Eichenseer of Guidewire: Cyence Risk Analytics
At the NetDiligence® Cyber Risk Summit in Philadelphia, Julie Eichenseer of Guidewire: Cyence Risk Analytics and Peter Armstrong of Munich Re participated in a panel on cyber risk quantification, discussing how current approaches to evaluating cyber risk can better help the insurance industry and its clients improve their cybersecurity posture. We spoke with them about some of the topics they covered.

Ransomware, To Pay or Not To Pay

A Q&A with Winston Krone, Kivu
Unfortunately, for now, it appears that ransomware attacks, wherein hackers encrypt data and hold the decryption key for a sum of money, are here to stay. That leaves the attacked organization with a tough quandary: whether or not to actually give in to the criminal’s demands. We talked to Kivu’s Winston Krone about the latest thinking on when it’s appropriate to pay the ransom.

eDiscovery and Data Breaches

A Q&A with Carolyn Purwin Ryan of Cipriani & Werner and Larry Brown of Epiq
When used in the wake of a data breach, eDiscovery tools can help companies manage their legal and regulatory risks through the inventory of compromised sensitive information. At the NetDiligence Cyber Risk Summit, we spoke to Carolyn Purwin Ryan of Cipriani & Werner and Larry Brown of Epiq about how these technologies help companies improve both incident response and litigation readiness.

New HHS Guidance Combats Cyber Threats in Healthcare

A Q&A with Reece Hirsch of Morgan Lewis
Late last year, the U.S. Department of Health and Human Services (HHS) released voluntary cybersecurity standards that help bring the HIPAA Security Rule into focus and up to date with current cyber threats. The new guidance could also have implications for the way “reasonable standards” are legally defined going forward. We spoke with Reece Hirsch, co-head of the Privacy and Cybersecurity practice at Morgan Lewis, about the guidance and its advantages for healthcare organizations.

GDPR So Far

A Q&A with Ian Birdsey of Pinsent Masons
The European Union’s General Data Protection Regulation (GDPR) has been implemented for over a year, and we can now start to understand just how this sweeping law is being enforced and the ways it has positively impacted data security. We posed these questions to Ian Birdsey, data protection specialist and partner of Pinsent Masons, LLP.

Measuring Up to NIST CyberSecurity Framework

A Q&A with Matt Barrett, COO of Cyber Engineering Services Incorporated (CyberESI)
First introduced in 2014, the National Institute of Standards and Technology (NIST) CyberSecurity Framework (CSF) has since become a widely held best practice far beyond the commerce industry. To get some perspective on the framework and how it’s evolved over the past five years, we talked to Matt Barrett, who was the program manager for CSF. (Note: Barrett currently serves as COO for Cyber Engineering Services Inc (CyberESI), a cyber risk management firm.)

Tuning in to Silent Cyber

A Q&A with Scott Stransky of AIR Worldwide
The exposures associated with cyber incidents and losses reach far and wide, including a whole category of risk called “silent cyber.” With traditional policies offering ambiguous coverage for cyber events, insurers and their insureds face a significant amount of gray area for these risks, which have now become commonplace. To better understand silent cyber and what can be done about it, we talked to Scott Stransky, vice president and director of emerging risk modeling at AIR Worldwide.
