Bridging the Insurance/InfoSec Gap: Results of the SANS Cyber Insurance Survey Released

Gaps Identified; Building Blocks to Understanding Outlined

  • Bethesda, MD
  • June 15, 2016

The fast-growing cyber security insurance market could triple in size by the end of the decade, despite communication problems that often make it difficult for information security and insurance professionals to work together. The communications gap is so wide that only 30% of underwriters and 38% of InfoSec respondents believe they even speak the same language, according to the results of the SANS Cyber Insurance Survey, conducted in conjunction with Advisen, Ltd. and sponsored by PivotPoint Risk Analytics, to be released by SANS Institute on June 21.

"As cyber insurance becomes part of more organizations' cyber resilience strategies, information security professionals and risk managers must take a holistic view of cyber security, and they must have a common framework for working with insurance brokers and underwriters. Today they don't," said Julian Waits, CEO, PivotPoint Risk Analytics. Despite the need to work closely together on policies, the survey showed that the two groups don't share a common definition of a concept as fundamental as "risk." "Closing those gaps in terminology, assessment, communication and investment will move us closer to being able to achieve that goal," says Barbara Filkins, SANS Analyst and author of the survey.

The whole field is so new and the threat environment changes so quickly that it is difficult for insurers to determine which risks pose a significant threat to a specific customer. "Legal terminology is also so new and amorphous that it is difficult to know what protections the language of an insurance policy actually provides," according to Ben Wright, a SANS senior instructor, author and practicing attorney who contributed to the report.

Both sides are working to resolve those gaps and uncertainties, Waits said. "This research provides a clear understanding of the gaps, and is an important step toward building a bridge."

This collaborative effort of SANS, PivotPoint Risk Analytics and Advisen identifies the gaps inhibiting the communities from working together effectively and provides the building blocks needed to reduce the risk of financial loss associated with cyber incidents.

"The cyber insurance market is growing rapidly, and organizations of all types and sizes are now purchasing cyber insurance. Consequently, information security professionals and cyber insurance brokers and underwriters are interacting more frequently. We at Advisen are delighted to work with PivotPoint and the SANS Institute to help understand how these interactions can be more productive," said David K. Bradford, co-founder and chief strategy officer, Advisen Ltd.

Full results of the survey will be shared during a June 21 webcast at 1 PM EDT, sponsored by PivotPoint Risk Analytics in cooperation with Advisen, Ltd, and hosted by SANS. Register to attend the webcast at http://www.sans.org/webcasts/101900

Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst Barbara Filkins with contributions by Ben Wright and David Bradford.

Tweet This

"Strategies, #infosec professionals and risk mgrs must take holistic views of cyber security." Register Now: www.sans.org/u/iIh

SANS 2016 Cyber Insurance Survey Results: Bridging the Insurance/InfoSec Gap- 6/21 Webcast @ 1PM ET | Register Now: www.sans.org/u/iIh

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates a practitioner's qualifications via over 30 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (https://www.sans.org)