A Structured Blog

Today’s CISOs must surely feel as if EVERYONE is looking over their shoulder -- adversaries and allies alike -- probing for risk and vulnerabilities. And they would be right to feel that way. Ransomware’s insidious rise, combined with enhanced civil and criminal penalties for negligent corporate boards and C-suite executives, has placed CISOs under more pressure than ever before to identify, document, communicate, and remediate risk. As a standard best practice, they have to do this for the safety and security of their organization. But there’s a new wrinkle to this mandate: the cyber insurer.

Self-Assessments and The Cyber Insurer

Cyber insurers are the latest entity to join federal regulators in demanding greater transparency and accountability of cyber risk, and they hold a lot of power. If not satisfied with an organization’s efforts, they can limit or deny coverage, significantly raise premiums, and even deny claims. So what is an earnest, hard-working CISO to do?

A good place to start is with a self-assessment based on a rigorous accounting of security across the enterprise. Think multi-factor authentication, network segmentation, data encryption, end-user awareness training, robust threat detection and remediation tools, and a 24x7x365 security operations center (SOC)…