Shifting the Paradigm: Why the Cyber Insurance Industry Should Focus on Preventive Security
2024-5-14 02:0:0 Author: www.tenable.com(查看原文) 阅读量:3 收藏

Shifting the Paradigm: Why the Cyber Insurance Industry Should Focus on Preventive Security

Does your organization currently have a cyber insurance policy? Without it, you are missing a critical piece of a holistic security strategy. With increased cyberattacks and expansion in cloud and digital operational technology (OT) assets, organizations face significant costs during and after breaches. This has led to expensive claim payouts by cyber insurance providers, and, ultimately, higher premiums for customers. 

Obtaining and renewing cyber insurance policies can be a challenging and difficult process fraught with trust issues for both parties involved. Organizations must provide extensive evidence and undergo a labor-intensive process for documenting controls. Some insurers even ask for specific evidence around certain vulnerabilities. It can be risky to share this kind of sensitive information with insurers, but they also need to prove their overall cyber risk with quantifiable data. The challenge is striking the right balance of data sharing to prove maturity with minimized risk.

Traditionally, cyber insurance providers have focused primarily on ensuring customers have reactive security solutions in place, like incident response, to mitigate exposure and risk when they apply for a policy. However, the incident response cost structure is unpredictable and expensive. While incident response is an important aspect of a comprehensive cyber insurance program, it should not be its sole focus. Therefore, there is a need to shift towards preventive security measures that focus on reducing the chances of a breach in the first place. Cyber insurance providers should direct their clients to focus on preventive measures in addition to reactive measures in order to obtain a policy.

Preventive security measures help both organizations and cyber insurance providers minimize risk. Classic cyber hygiene measures can make a large impact on risk mitigation with minimal effort. These measures can include:

  • Obtaining visibility across your entire attack surface (including cloud and OT)
  • Identifying critical vulnerabilities and remediating them in a timely manner
  • Assessing roles and right-sizing permissions to minimize misuse and abuse
  • Review Active Directory configurations to mitigate potential attack paths

Proactive security platforms not only help organizations prevent successful attacks, they help customers demonstrate their cyber maturity to cyber insurance providers. Preventive measures are also less expensive than reactive counterparts with predictable pricing structures. Aligning preventive measures with cyber insurance requirements can also simplify the purchasing process through standardized reports, dashboards, risk scores, and more. While this might be a double-edged sword, the benefits outweigh the cons in the long run – faster renewal process, high fidelity data that underwriters can trust, mutual understanding of cybersecurity standards and lower premiums.

This collaboration between cybersecurity companies and cyber insurance providers empowers cyber insurance providers to better quantify and manage portfolio risk, leading to potentially reduced cyber insurance premiums and shorter renewal processes for customers. Measured Insurance, for example, offers up to a 20% reduction in premiums for organizations that demonstrate a risk-based cyber program with Tenable. When selecting a cyber insurance policy, it is important to consider the policy's coverage, cybersecurity understanding, and alignment to your organization’s preventive program. Aligning cyber insurance policies to cybersecurity best practices helps to incentivize net risk reduction. At Tenable, we think we will see more partnerships between cyber insurance providers and preventive security vendors to simplify the purchasing process, increase high fidelity data for an accurate view into an organization’s risk, and lower premiums for organizations that are able to prove their cyber maturity.

Prioritizing preventive security is crucial for cyber insurance companies and organizations alike. By deploying preventive security measures and conducting necessary cyber hygiene steps, organizations can mitigate cyber risks, improve their chances of obtaining comprehensive coverage, and potentially save money. Proactive security not only helps prevent successful attacks but also demonstrates a commitment to cyber maturity, which is highly valued by insurance providers.

Ray Komar

Ray Komar

Ray Komar is currently the Vice President of Cloud and Technology Alliances for Tenable. He has spent the last 25 years in various leadership and executive positions at cybersecurity organizations driving consulting practices or strategic partnership teams globally. He started his career in cyber with Deloitte and has worked at both VC-backed startups and global companies such as Internet Security Systems, McAfee, Symantec and CrowdStrike. Ray graduated from SUNY Fredonia with a BS in Finance and then earned his MBA from UC Irvine with a focus on information systems. He resides in Huntington Beach California, along with his two teenage daughters and a three-legged tortoise named Lightning.

Related Articles

  • Attack Surface Management
  • Budget
  • Cloud
  • Exposure Management
  • Malware
  • Metrics
  • Penetration Testing

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Thank You

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Thank You

Thank you for your interest in Tenable.io. A representative will be in touch soon.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Thank You

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Thank You

Thank you for your interest in Tenable Lumin. A representative will be in touch soon.

Request a demo of Tenable Security Center

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

* Field is required

Request a demo of Tenable OT Security

Get the Operational Technology Security You Need.

Reduce the Risk You Don’t.

Request a demo of Tenable Identity Exposure

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

Request a Demo of Tenable Cloud Security

Exceptional unified cloud security awaits you!

We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.

See
Tenable One
In Action

Exposure management for the modern attack surface.

See Tenable Attack Surface Management In Action

Know the exposure of every asset on any platform.

Thank You

Thank you for your interest in Tenable Attack Surface Management. A representative will be in touch soon.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements

Tenable solutions help fulfill all SLCGP requirements. Connect with a Tenable representative to learn more.


文章来源: https://www.tenable.com/blog/shifting-the-paradigm-why-the-cyber-insurance-industry-should-focus-on-preventive-security
如有侵权请联系:admin#unsafe.sh