Meeting Cyber Insurance Mandates: Help for CISOs

A Structured Blog —

Today’s CISOs must surely feel as if EVERYONE is looking over their shoulder — adversaries and allies alike — probing for risk and vulnerabilities. And they would be right to feel that way.

Ransomware’s insidious rise, combined with enhanced civil and criminal penalties for negligent corporate boards and C-suite executives, placed CISOs under more pressure than ever before to identify, document, communicate, and remediate risk. As a standard best practice, they have to do this for the safety and security of their organization. But there’s a new wrinkle to this mandate: the cyber insurer.

Self-Assessments and The Cyber Insurer

Cyber insurers are the latest entity to join federal regulators in demanding greater transparency and accountability of cyber risk, and they hold a lot of power. If not satisfied with an organization’s efforts, they can limit or deny coverage, significantly raise premiums, and even deny claims.

So what is an earnest, hard-working CISO to do?

A good place to start is with a self-assessment based on a rigorous accounting of security across the enterprise. Think multi-factor authentication, network segmentation, data encryption, end-user awareness training, robust threat detection and remediation tools, and a 24x7x365 security operations center (SOC) – just to name a few. (For additional reading, check out this article for Dark Reading by SecureAuth CEO Paul Trulove titled “10 Key Controls to Show Your Organization is Worthy of Cyber Insurance.”)

If this kind of assessment seems just out of reach for the time or in-house personnel you have available, please consider working with Structured. Our Governance, Risk and Compliance (GRC) team, frequently works with companies to conduct comprehensive risk and compliance assessments.

Structured’s GRC offerings:

  • Identify regulatory compliance needs or gaps.
  • Provide objective evaluations of your security controls, mechanisms and goals in comparison to best practices.
  • Review or develop cybersecurity policies and procedures.
  • Offer actionable recommendations for optimizing IT resources and managing compliance.
  • Help you meet requirements imposed by cyber insurance firms.

This team also offers security services like penetration testing and social engineering (phishing/vishing) if you want to assess and validate your current security environment.

Finally, if you are in the market for managed SOC services as a way to help lower your cyber insurance premiums, Structured offers that, too. Structured Managed Services maintains the prestigious American Institute of CPAs (AICPA) SOC 2 Type 2 certification.

Interested in improving your ability to retain cyber insurance and perhaps lower your premiums? Contact your Structured account manager today or email