What can organizations do to lower their cyber insurance premium (apart from switching providers)?

Security Strategy & RoadmapGovernance, Risk & Compliance
1.4k viewscircle icon2 Comments
Sort by:
no titlea year ago

Start working with your insurance company and understand what they are looking for in your security program and build it.

no titlea year ago

They should perform BIA and identify cost associated with critical risk if not mitigated to evaluate the total value of cyber risk based on which they can take the cyber insurance.  There are many other means but the simplest one is to start performing Business Impact Analysis.

Content you might like

Is footprinting an effective way to do vulnerability management?

Very effective1%

Somewhat effective52%

Slightly effective31%

Slightly ineffective8%

Somewhat ineffective3%

Not at all effective

Not sure yet1%

View Results

What would you say is the key component of your Security Awareness Program?

Video Training17%

Phishing Simulations63%

Infographics12%

Gaming5%

Other (please share below)

View Results

How are you currently managing SIEM costs? Have you found effective ways to actually reduce storage costs for your SIEM?

Read More Comments

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?

I'm looking to go for the Certified CISO certification & training as I'm an aspiring CISO. Any recommendations and additional certifications that I should be doing along with that? I already have CISSP. 

Read More Comments