Cybercrime Magazine: Interview with JR Cunningham on Cyber Insurance, COVID-19, and Resilient Security Programs

July 14, 2020

JR Cunningham, VP of Strategic Solutions at Herjavec Group, recently spoke to Steve Morgan, Editor-in-Chief of Cybercrime Magazine, about cyber insurance and how to approach your insurance provider, the key components for a strong cybersecurity program, CISO concerns over embracing a remote workforce, and more.

Highlights from the interview include:

• On cyber insurance: “The most important guidance we give to CISOs is that [working with a cyber insurer] is a partnership and understanding where the insurer fits is important. It’s important to include the insurance provider in incident response exercises and regularly approaching the insurance provider with questions around what types of coverages are available for various types of incidents. What’s really important is before the bad incident happens, you need to nail down with the insurer what types of coverages are important, what types of risks the organization is willing to accept, and what types of controls need to put in place.”
• On COVID-19 and C-suite concerns over remote work: “Some of the security gruntwork that is not very glamorous is now back in the limelight, such as security awareness training, good endpoint security, data protection, web filtering, etc. This work is really important when we don’t have the type of control over the home network that we would in a corporate network.”
• On establishing a strong security program: “The most common complaint is that the cybersecurity program is playing catch-up, and not adapting with the business. A highly adaptable security program is great because what the bad guys are doing is changing so rapidly, so the security program needs to be able to bend and flex to accommodate changes in the threatscape as well as changes in the business and how the organization is working (i.e. moving to the cloud, digital transformation, etc.).”

Listen to the full podcast episode below.