Three factors are certain to influence your cyber security program today: regulations, third-party partners, and cyber insurance. Increasingly stringent requirements, exclusions, and policy premium costs may appear as a trifecta of pain launched your way from insurers. But cyber insurance is really an opportunity.

Security leaders can wield cyber insurance not only as risk transfer but also as a way to mature security program practices within their organizations. Our recently published report, The State Of Cyber Insurance, 2023, highlights differences among organizations with standalone cyber insurance policies, those with cyber coverage through an endorsement, and those with no coverage at all. Among the highlights, we found that organizations with cyber insurance experienced fewer breaches and had better outcomes with detection and response.

But wait, there’s more! There are additional ways for organizations and security leaders to benefit from cyber insurance because of how this ecosystem is evolving and growing. For example, there are providers like Coalition and Cowbell Cyber that combine security services with cyber insurance. Cysurance insures, warranties, and certifies security solutions that meet underwriter requirements. There is also adjacent innovation happening, such as with Cork, which offers warranties, designed as gap coverage to complement a cyber insurance policy, to managed security services providers for small- and medium-sized businesses. Then there are the value-added services and expertise that insurance brokers and carriers offer to clients. For example, some may offer a virtual CISO (a vCISO) to scan findings and questionnaires and to prioritize security actions for smaller clients that don’t have a CISO; help with incident response planning; insurance experts available to answer questions (even those not related to a claim); a training and awareness portal for policyholders; and more.

Join me at Forrester’s Security & Risk Forum, November 14 and 15 in Washington, D.C., or virtually to dive deeper into this topic. I’ll be moderating a panel discussion titled Beyond The Policy: Make Cyber Insurance Work For You, featuring Tim Smit (global privacy and cyber risk consulting practice leader, Lockton Companies), Keeley Sidow (cyber client relationship director, Woodruff Sawyer), and Jason Bredimus (VP, IT operations, and CISO, Shamrock Foods Co.). We’ll examine how you can extract greater value from your cyber insurance policy and the insurance partner ecosystem today, as well as understand current common cybersecurity control requirements and anticipate future control requirements. See you there!