
In this podcast episode, we feature cyber claims examiner Toni Sukhan as she outlines the critical steps businesses must take when facing a cyber incident. Sukhan, with over 20 years of experience, stresses the immediate need to notify an insurance carrier to ensure coverage and proper handling. She details a multi-disciplinary process involving breach counsel, forensic IT experts, and forensic accountants, explaining how this team manages incidents from initial notification to investigation and recovery. Sukhan also highlights the careful and highly regulated decision-making process involved in ransom payments, which are treated as a last resort and require thorough assessment, legal compliance, and expert negotiation to mitigate risk and ensure a safe recovery of data.
The episode particularly emphasizes the vulnerability of small to medium-sized businesses, which are disproportionately targeted by cybercriminals. According to Sukhan, the most crucial preventive measure for these businesses is maintaining viable and frequent data backups. She likens the cyber claims process to emergency room triage—stabilizing the situation, restoring systems, and then reconciling losses. This structured approach, combined with the expert management of ransom negotiations, underscores the complexity of modern cyber claims and the necessity of proactive preparation and a clear incident response plan.





Ryan Ettridge, CEO of CyberCert, tackles a problem many organizations struggle with – cybersecurity frameworks that look good on paper but feel overwhelming or unusable in practice.
Ryan explains how AI-driven cyber certification can help organizations predict where risk is most likely to surface, prevent disruption before it becomes a claim, and protect both insureds and carriers by creating clear, defensible signals of cyber maturity.
Chart a clear path from compliance to real-world readiness with the fundamentals covered in this episode.

Charlotte Hooper, Co-Founder and Head of Operations at The Cyber Helpline, shares how a deeply personal experience with cyberstalking led her from policing into building one of the most practical cyber victim support models in operation today.

Keith Gologorsky, Head of Public Sector at Hack the Box, shares his personal journey from computer science graduate to government analyst, recounting pivotal moments in military operations, threat analysis, and international collaboration. The discussion explores the limitations of traditional certifications, the importance of hands-on training, and the need for regularly updated, gamified learning experiences. Keith also addresses the cybersecurity skills gap, the evolving role of AI, and offers actionable advice for organizations of all sizes: prioritize cross-training and real-world practice to build resilient teams.

Sarah Flukes, CTO at Admeritia, explains cyber decision diagrams that capture how OT/ICS environments actually operate. This podcast covers origins in water utilities, why function modeling beats asset lists, cognitive effectiveness, and how these diagrams power risk assessments, incident response, and security-by-design.

Cyber & AI authority Chuck Brooks joins Jeff Edwards to give SMBs a no-nonsense playbook. Learn how agentic AI turbocharges phishing, why unmanaged IoT/OT opens doors, and the exact first steps—MFA, segmentation, backups, IR plan—that raise your resilience fast. We also cover using NIST and CMMC as practical roadmaps and when to rely on an MSP.

Erik Cernak of the Hanover Insurance Group breaks down the myths, the market, and the must-dos of why only 4% of SMBs carry standalone cyber insurance.