What your cyber risk profile tells insurers

The purpose of a cyber risk profile is to assess your organization's insurability. The work you do upfront can go a long way toward ensuring you get adequate cyber insurance coverage and a better rate to boot.

A cyber risk profile is a complex measure of an organization's security posture. It paints a picture of your risk related to technical aspects such as network and system security liability and network interruption, as well as more organizational aspects such as cyber defense maturity.

Although many organizations develop their own risk profiles for internal uses — like improving security — cyber insurance carriers use cyber risk profiles as a tool to determine risk when writing policies. A carrier takes the results of an organization's assessments and creates its own profile, incorporating additional information that develops a deeper understanding of that organization's risk.

According to Julian Waits, CEO of cyber risk advisory firm PivotPoint Risk Analytics, "The first thing an insurance company does when building a cyber risk profile [on a prospective insurant] is to determine if the house is on fire or not. Are there things that are obviously wrong with a given environment from a security perspective, from an end-user training perspective, from the maturity of the executive perspective that says we should be leery of covering a risk in this environment?"
