Who will protect the defenders? A new approach to insurance for CISOs.


Mistakes will no longer be a death sentence for cyber professionals.

In a world where the responsibility to ensure cybersecurity is becoming more urgent every day, many companies provide insurance for top managers, such as CEOs or board members. However, information security professionals (CISOs) are often left out of this protection.

American insurance company Crum & Forster, based in New Jersey, has introduced a new product designed to address this gap. CISOs will now be able to protect themselves from financial risks associated with professional liability.

Nick Economidis, Vice President of eRisk at Crum & Forster, explained that information security professionals are often not among the corporate officers protected by standard directors and officers (D&O) liability policies.

"CISOs find themselves in a losing situation," Economidis said. "If everything works smoothly, it is taken for granted. But as soon as a failure occurs, they become the main culprits, which entails serious financial risks."

The new policy covers a wide range of CISO activities, including consulting for the company and its subsidiaries, as well as third-party projects such as volunteering in IT security.

Particular attention is paid to protection against regulatory risks. For example, the policy takes into account the requirements of the US Securities and Exchange Commission (SEC) for the disclosure of information about cyber threats. This helps the CISO minimize legal liability, including in civil and criminal cases.

The cost of insurance ranges from $3000 to $5000 per year per insured person and depends on the level of coverage, the type of company (private or public) and the experience of the organization.

The features of the policy include a zero deductible for legal costs, which allows protection to start quickly when a claim is made, as well as defense in criminal proceedings.

The recent case against SolarWinds, in which its CISO was targeted by the SEC over cybersecurity holes, is an example of the need for such solutions. While most of the charges have been dismissed, the case demonstrates the growing pressure on security professionals.

The Crum & Forster initiative could be an important step towards improving the security of the CISO, whose role is becoming increasingly important against the backdrop of many threats in cyberspace.
