Cybersecurity CEO: Cyber Insurance, COVID-19, and Resilient Security Programs
July 23, 2020
Tune into Cybercrime Radio for Our Advice for CISOs and Security Leaders
Los Angeles, Calif. – July 22, 2020
Earlier this year, Cybercrime Magazine invited me to speak on the Cybercrime Radio podcast to address the COVID-19 impact on businesses globally. I said it then, and I will say it now: this is truly a historic time - for all businesses, and particularly for cybersecurity. Now, months later, there is an overwhelming amount of news about our “new reality.” But what does this mean specifically for CISOs and security leaders?
We had J.R. Cunningham, Herjavec Group’s VP of Strategic Solutions, speak to Steve Morgan and Cybercrime Radio for an update on COVID-19, advice for cyber insurance, and building resilient security programs that can survive drastic changes like – let’s just say – a global pandemic. I listened and learned from this podcast, and you can too.
Cybercrime Radio: J.R. Cunningham, VP Strategic Solutions, Herjavec Group on Cyber Insurance, COVID-19 and the C-Suite
J.R., who was previously a virtual CISO for four Fortune 500 companies, confirmed that the most important guidance we give CISOs is to work with a cyber insurer as a true partner. Understanding where the insurer fits into your overall security program is critical.
“It’s important to include the insurance provider in incident response exercises and to regularly approach the insurance provider with questions around what types of coverages are available for various types of incidents. What’s really important is before the bad incident happens, you need to nail down with the insurer what types of coverages are important, what types of risks the organization is willing to accept, and what types of controls need to be put in place.”
Insurers do much more than just writing checks, and J.R. knows it! CISOs - engage your insurance providers as true partners, especially when it comes to incident response planning.
The COVID-19 pandemic has sent millions of employees to work from home. Many of these remote workers will not be returning to their offices any time soon, or at all. This unprecedented shift has illuminated some crucial elements of a strong cybersecurity posture.
“Some of the security grunt work that is not very glamorous is now back in the limelight, such as security awareness training, good endpoint security, data protection, web filtering, etc.,” says J.R. “This work is really important when we don’t have the type of control over the home network that we would in a corporate network.”
The more complicated things get, the more effective simple solutions (and cyber attacks!) can be. Security teams need to go back to basics in order to keep organizations and their remote workers safe.
Any cybersecurity program worth its salt will be aligned to the C-suite and boardroom executives.
“The most common complaint (from non-technical executives such as CFOs) is that the cybersecurity program is playing catch-up, and not adapting with the business,” says J.R. “A highly adaptable security program is great because what the bad guys are doing is changing so rapidly, so the security program needs to be able to bend and flex to accommodate changes in the threatscape as well as changes in the business and how the organization is working (i.e. moving to the cloud, digital transformation, etc.).”
J.R. drives home the point that CISOs need to be fully engaged with their CEOs and senior business leaders, and craft security programs that not only protect the organization but enable it to thrive in a perilous economy.
Every single business I know of has gone through unprecedented changes this year. Unfortunately, while we’ve been forced to shift and adapt to new norms, cyber criminals have only taken advantage of these times and targeted businesses while they’re most vulnerable. With cybercrime at an all-time high, every senior business leader must learn to be agile when it comes to their cybersecurity programs.
So, I’ll ask you – how confident are you that your organization is untouchable? Your answer should never be ‘100%’. I encourage you to spend twenty minutes with Steve and J.R. on this podcast and learn how the C-suite is adapting.
To Your Success,
Originally posted on cybersecurityceo.com