One Week Left to Get an 11" iPad Pro, a Surface Go 2, or $300 Off with OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Cyber Insurance: What is Its Role in Your Security Program?

  • Thursday, November 19, 2015 at 3:00 PM EST (2015-11-19 20:00:00 UTC)
  • Gary R. Hayslip , John Pescatore, Benjamin Wright


  • PivotPoint Risk Analytics

You can now attend the webcast using your mobile device!



Two high-profile lawsuits are today pending between enterprises and their cyber insurers. In each case the enterprise paid for so-called 'cyber insurance,' but after a cyber attack happened, the insurer ultimately said the policy did not provide significant coverage. These lawsuits raise substantial questions about the role of cyber insurance in your security program. Is the insurance worth the investment? What should it cover? What should it not cover? Does it provide benefits beyond simple 'coverage' of risk? How does it compare to other commercial insurance? How do you evaluate the different components of a policy to determine what is right for your enterprise? What is the practical meaning of the different legal clauses in a policy? What is the role of negotiation in getting a good return on investment? How does cyber insurance stack up against other risk management techniques?

Speaker Bios

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013, bringing with him over 35 years of experience in computer, network and information security. Prior to SANS, he was Gartner's lead security analyst for more than 13 years, working with Global 5000 corporations, government agencies and major technology and service providers. In 2008, John was named one of the top 15 most influential people in security and has frequently testified before Congress on issues relating to cybersecurity.

Gary R. Hayslip

As Chief Information Security Officer (CISO) for the City of San Diego, Gary advises the City of San Diego's executive leadership consisting of Mayoral, City Council, and 40+ city departments and agencies on protecting city government information resources.

Gary oversees citywide cyber security strategy and the enterprise cyber security program, cyber operations, compliance and risk assessment services. His mission includes creating a "risk aware" culture that places high value on securing city information resources and protecting personal information entrusted to the City of San Diego.

Gary is involved in the cybersecurity and technology start-up community in San Diego where he is the Co-Chairman for Cybertech, the parent organization that houses the Cyber incubator Cyberhive and the Internet of Things incubator iHive. He also serves on the board of Brier & Thorn International, a cloud based Managed Security Services Company and is Co-Chairman of Securing Our eCity's Critical Infrastructure Work-group.

Gary is an active member of the professional organizations ISSA, ISACA, OWASP, and is on the Board of Directors for INFRAGARD. Gary holds numerous professional certifications including: CISSP, CISA, and CRISC, and holds a Bachelor of Science in Information Systems Management & Masters in Business Administration. Gary has over 28 years of experience in Information Security, Enterprise Risk Management, and Data Privacy.

Benjamin Wright

Benjamin Wright is a practicing attorney based in Dallas, Texas, focusing on technology law. He serves as a senior instructor at the SANS Institute, teaching its five-day course, LEG523 Law of Data Security and Investigations. By means of that course, Mr. Wright has taught thousands of students from throughout the world. He chairs the SANS Institute’s annual Data Breach Summit. Benjamin advises diverse clients, both in the United States and outside of it, on privacy, electronic commerce and data security law.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.