Ensuring a company has the security controls to qualify for a cyber insurance policy often falls under Chief Information Security Officer’s (CISO) purview. However, in many large organizations, cyber insurance is more of a business issue negotiated by the general counsel, with the CISO taking a back seat. Even more, many small to mid-size businesses might not have a corporate CISO position, resulting in fewer resources to cover any vulnerabilities.
Marc Schein, national co-chair of Cyber Risk Practices and a risk management consultant at Marsh McLennan Agency, recently spoke with Dark Reading about how cyber insurance can empower CISOs and why having them at the table is vital.
"Having actual boots on the ground is critical to filling out these insurance applications," says Marc.
