Cyber Risk Quantification
October 13, 2023
In this episode, Jeff Edwards and Tawana Johnson from the Safe House Initiative podcast are joined by Steven Schwartz, Chief Insurance Officer at Safe Security, to kick off their cyber insurance summer series. Steven emphasizes that cyber risk quantification (CRQ) is essential for making informed decisions about cyber insurance.
He explains that CRQ translates technical cybersecurity metrics into business-relevant financial terms, moving beyond inaccurate methods like basing limits on revenue. Every organization has a unique risk profile, making a data-driven approach crucial for balancing risk mitigation, transfer, and acceptance.
Steven highlights the FAIR Institute’s methodology as the global standard for CRQ, stressing the need to understand asset values and the business context, including often-overlooked business interruption risks. For practical CRQ, he suggests starting with basic metrics like sensitive data volume and revenue, using public breach cost data to estimate potential losses.
The conversation also covers common overlooked risks, such as third-party vendor vulnerabilities and social engineering, with the human element remaining the weakest link, now amplified by AI tool usage. Steven then introduces emerging security warranties as alternatives to traditional insurance, offering faster payouts embedded within cybersecurity products. He also discusses how insurtech MGAs are simplifying cyber insurance for SMBs, providing quick, affordable policies and incident response services.
Steven concludes by advising security leaders to quantify cyber risk in financial terms to better communicate with executives and boards, enabling smarter decisions and stronger cybersecurity.
Key Takeaways:
#CyberInsurance #CyberRisk #Cybersecurity #RiskManagement #CRQ #SafeSecurity #Podcast #TechTalk #DataSecurity #BusinessInterruption #FAIRMethodology #Cybercrime #Insurtech #SMBsecurity #RiskQuantification #StevenSchwarz #SafeHouseInitiative
Cyber risk quantification (CRQ) is essential for making informed decisions about cyber insurance. Learn how to quantify cyber risk in financial terms to enable smarter decisions and stronger cybersecurity.
Tawana Johnson delves into cyber insurance for small to mid-sized businesses, focusing on the lifecycle of cyber insurance from risk assessment to claims and litigation.
Craig Bowman dives deep into the urgent need for a federal cyber enterprise that seamlessly integrates public and private sector efforts to fortify national cybersecurity.
Daron Hartvigsen, a former technical services agent and cyber program manager for the Air Force Office of Special Investigations (OSI) shares his incredible career journey, offering invaluable insights into the evolving world of cybercrime and defense.
Luke Tenery, Partner at StoneTurn and former cybersecurity leader at Kroll, unpacks the human and technical layers of building a federal threat pursuit model.
Jeff Crume and Jeff Edwards discuss how AI is disrupting Cybersecurity and what to expect in the future. Original air date Dec. 29, 2023.
