What can organizations do to lower their cyber insurance premium (apart from switching providers)?

Governance, Risk & Compliance Security Strategy & Roadmap

1.4k views2 Comments

Sort by:

Principle Consultant in IT Servicesa year ago

Start working with your insurance company and understand what they are looking for in your security program and build it.

Director of Information Securitya year ago

They should perform BIA and identify cost associated with critical risk if not mitigated to evaluate the total value of cyber risk based on which they can take the cyber insurance. There are many other means but the simplest one is to start performing Business Impact Analysis.

Content you might like

Is there a 'Silver Bullet' (formula) to arrive on business value which could be quantified from addressing a technical debt? If yes, what are the factors we need to consider arriving to the quantifiable value?

We implemented Oracle HCM recently including Redwood. Defining the long term plan for support, we face challenges with our Oracle Security knowledge depth specifically (defining and maintaining roles/ SOD/ SOX etc). Is there anyone who has experience in setting this up after a successful Oracle HCM plus Redwood implementation and would like to share best practices with me?

Are CISA's current recommendations for preventing Maui ransomware attacks sufficient?

Yes, if followed correctly.39%

Unsure38%

No, there is still a significant risk.19%

Other (please tell us in the comments)3%

View Results

I'm looking for an open-source IGA solution, has anyone had any experience they can share?

What's your most indispensable cloud infrastructure tools to use in addition to what you get from GCP, AWS, Azure?

HashiCorp (Terraform, Vault, Packer, etc.)22%

Cloud infra automation (Ansible, Puppet, Chef, etc.)56%

APM (Datadog, AppD, SignalFX, NewRelic, etc.)10%

Others?10%