What can organizations do to lower their cyber insurance premium (apart from switching providers)?

Security Strategy & RoadmapGovernance, Risk & Compliance
1.4k viewscircle icon2 Comments
Sort by:
Principle Consultant in IT Servicesa year ago

Start working with your insurance company and understand what they are looking for in your security program and build it.

Director of Information Securitya year ago

They should perform BIA and identify cost associated with critical risk if not mitigated to evaluate the total value of cyber risk based on which they can take the cyber insurance.  There are many other means but the simplest one is to start performing Business Impact Analysis.

Content you might like

Does your IT team or your HR team absorb the costs of HR technology?

Read More Comments

‘AI’ Business Model – With many components flowing into the AI domain (cost, data, E&C, people, value, strategy, duplication of everything, etc.), I’ve started to think about splitting out ‘AI’ from the operating model and putting it into a separate legal entity. This way, I could manage a) risk and compliance, b) cost, c) resource allocation, d) governance, e) IP, f) revenue generation, etc.

Of course, this isn’t new in general, but I’m especially interested in how this approach could help with the ongoing challenge of ensuring compliance with data privacy and regulations related to LLMs and data access/usage over time.

My question: Is anyone else thinking about this, or has anyone already done it? I know there are examples in the literature, but I wanted to float this here for general comments and discussion.

Has your company pursued any cybersecurity accreditations or certifications strictly for cyber insurance policies? (select all that apply)

Yes, we have pursued new accreditations or certifications strictly to help reduce our cyber insurance premiums25%

Yes, we have pursued new accreditations or certifications strictly to obtain cyber insurance54%

No, we have not pursued new accreditations or certifications strictly for reasons related to cyber insurance38%

We do not have cyber insurance10%

Not sure1%

View Results

What models are in place for risk partners based in Line 2? What are the jobs to be done? How do they operate? What does the structure/operating rythms look like?

Read More Comments

What is the top data governance issue?

Limited resources11%

Siloed data40%

Lack of leadership23%

Poor data quality & context18%

Lack of data control5%

Other (please explain in the comments)

View Results