A Q&A with Matthew Cherian of BitSight
Third-party data security risk continues to grow, and even mature enterprises struggle to contain this unwieldy challenge. For cyber insurers, it’s becoming increasingly urgent to find better tools for assessing third-party vendor risk when underwriting for a policy. To learn more about why and how this should be done, I spoke with Matthew Cherian, Vice President of Strategic Partnerships of BitSight.
Posts by: Mark Greisiger
Protecting Executives from Compromise
A Q&A with Chris Pierson, CEO of BLACKCLOAK
Increasingly, cyber criminals target corporate executives and high net worth individuals not inside their well-protected work environments, but at home, where they are most vulnerable. We spoke with Dr. Chris Pierson, CEO of BLACKCLOAK, about the risks organizations face, and how they can better defend targeted individuals against bad actors.
Cyber Risk and the Construction Industry
A Q&A with Douglas Clare of FICO
A joint effort between FICO and the U.S. Chamber of Commerce, the Assessment of Business Cybersecurity (ABC) offers a benchmark for analyzing the security readiness of American business against cyber attack. When the first quarterly installment was released in late 2018, the construction industry scored highest among the reviewed industries, demonstrating the least amount of cyber risk. We spoke to Douglas Clare, Vice President of Cyber Security Solutions at FICO, about why this industry stands out but also why more can be done to protect it.
Quantifying Cyber Risk
A Q&A with Peter Armstrong of Munich Re and Julie Eichenseer of Guidewire: Cyence Risk Analytics
At the NetDiligence® Cyber Risk Summit in Philadelphia, Julie Eichenseer of Guidewire: Cyence Risk Analytics and Peter Armstrong of Munich Re participated in a panel on cyber risk quantification, discussing how current approaches to evaluating cyber risk can better help the insurance industry and its clients improve their cybersecurity posture. We spoke with them about some of the topics they covered.
Ransomware, To Pay or Not To Pay
A Q&A with Winston Krone, Kivu
Unfortunately, for now, it appears that ransomware attacks, wherein hackers encrypt data and hold the decryption key for a sum of money, are here to stay. That leaves the attacked organization with a tough quandary: whether or not to actually give in to the criminal’s demands. We talked to Kivu’s Winston Krone about the latest thinking on when it’s appropriate to pay the ransom.
eDiscovery and Data Breaches
A Q&A with Carolyn Purwin Ryan of Cipriani & Werner and Larry Brown of Epiq
When used in the wake of a data breach, eDiscovery tools can help companies manage their legal and regulatory risks through the inventory of compromised sensitive information. At the NetDiligence Cyber Risk Summit, we spoke to Carolyn Purwin Ryan of Cipriani & Werner and Larry Brown of Epiq about how these technologies help companies improve both incident response and litigation readiness.
New HHS Guidance Combats Cyber Threats in Healthcare
A Q&A with Reece Hirsch of Morgan Lewis
Late last year, the U.S. Department of Health and Human Services (HHS) released voluntary cybersecurity standards that help bring the HIPAA Security Rule into focus and up to date with current cyber threats. The new guidance could also have implications for the way “reasonable standards” are legally defined going forward. We spoke with Reece Hirsch, co-head of the Privacy and Cybersecurity practice at Morgan Lewis, about the guidance and its advantages for healthcare organizations.
GDPR So Far
A Q&A with Ian Birdsey of Pinsent Masons
The European Union’s General Data Protection Regulation (GDPR) has been implemented for over a year, and we can now start to understand just how this sweeping law is being enforced and the ways it has positively impacted data security. We posed these questions to Ian Birdsey, data protection specialist and partner of Pinsent Masons, LLP.
Measuring Up to NIST CyberSecurity Framework
A Q&A with Matt Barrett, COO of Cyber Engineering Services Incorporated (CyberESI)
First introduced in 2014, the National Institute of Standards and Technology (NIST) CyberSecurity Framework (CSF) has since become a widely held best practice far beyond the commerce industry. To get some perspective on the framework and how it’s evolved over the past five years, we talked to Matt Barrett, who was the program manager for CSF. (Note: Barrett currently serves as COO for Cyber Engineering Services Inc (CyberESI), a cyber risk management firm.)
Tuning in to Silent Cyber
A Q&A with Scott Stransky of AIR Worldwide
The exposures associated with cyber incidents and losses reach far and wide, including a whole category of risk called “silent cyber.” With traditional policies offering ambiguous coverage for cyber events, insurers and their insureds face a significant amount of gray area for these risks, which have now become commonplace. To better understand silent cyber and what can be done about it, we talked to Scott Stransky, vice president and director of emerging risk modeling at AIR Worldwide.