The Evolving Cybersecurity Insurance (and Assurance) Perspective

OCTOBER 20, 2015

I recently participated as a panelist at a cyber-liability seminar with industry colleagues and partners. Nearly 150 professionals attended, each responsible in some manner for their company’s cybersecurity and/or insurance programs. Although many attendees had a firm grasp of cybersecurity and the challenges it presents, the resonating theme of the seminar, as evidenced by the nature of their questions, was, “What is the best way for us to holistically address all aspects of cyber security?”


Without a doubt, the cybersecurity insurance landscape is very confusing at the moment.

  • “Do we need it?”
  • “What are the coverage pros and cons?”
  • “Will a policy help my company during (and post) breach?”
  • “Does my existing ‘general insurance’ cover such activities?”

Answering these questions requires many due diligence activities, and with ever-evolving exposure scenarios (e.g. “zero” day threats) targeting companies, it raises the question, “How much insurance will be enough?”

Just as other insurance aspects of our personal and corporate lives have undergone many calibrations over time (due to legislation, public opinion, compliance, etc.), I suspect that the cybersecurity insurance framework will undergo a similar evolution.

However, one significant takeaway from the seminar was learning the important first step all companies should take: model their cyber assets and associated business processes to the security risk management framework most applicable to them and their industry. Whether it is ISO 27001 or NIST, the practice of objectivity while undertaking these programs will not only illuminate a company’s cybersecurity strengths and weaknesses (which will most likely be necessary for establishing cyber liability policy deductibles), but it will also prepare a company for the critical steps it must take throughout a breach experience.

As experts have said, it is no longer a question of “if” we will get breached, but, unfortunately, a matter of “when.” Rather than relying on evolving cyber “insurance” policies, take advantage of risk management processes for an overall “assurance” of your company’s ability to recover from a potentially devastating business disruption.

About the author


Ron Chandler is vice president of enterprise solutions at Guidepost Solutions.  He has more than 30 years of experience designing and implementing enterprise security systems; physical and information technology programs; and security into corporate cultures and infrastructures. He is responsible for cyber security services, global master planning, command and control programs, and managed services programs either as standalone service offerings or as an integrated suite of solutions. Ron can be reached at

