Several things have happened recently which I’m taking as evidence that insurers and cyber security vendors are coming closer together in taking best practice in cyber risk mitigation and management to their joint customers. I’ve been banging on about the need to apply multiple, overlapping best practices to manage cyber risk (disaster recovery, incident management, DevSecOps…). Now it seems to be finally coming together.
Proof point #1: Specialist insurance brokers baking improvement into their offer
My friends over at trustfiducia.com have a simplified approach of ‘get cover now’ to cover risks, then assess current status against best practice and drive an improvement program to reduce those risks. It seems to be working, as they have hit the ground running with new business.
Proof point #2: Cyber security vendors backing their offers with insurance
We’ve seen a few vendors teaming up with insurance companies. Symantec have been active with ‘protection as a service’ deals. We’ve also seen smaller players (e.g. SentinelOne and Cymmetria) offer insurance as part of their package.
Proof point #3: People moves
We’re seeing cyber security experts working with insurance companies (as in my case where BrownGlock is working with trustfiducia.com) and experts from the risk management side moving to vendors. An example of the latter is the appointment of Marcus Alldrick, who is joining the previously mentioned Cymmetria as Head of Risk. Marcus was previously Head of Digital Risk and Compliance with Lloyd’s of London. It’s a healthy sign that vendors are seeing themselves as part of business risk rather than just selling ‘cool stuff’.
It may be because the sun is shining here in the South of the U.K. this morning, but all of the above leaves me feeling positive about the future for cyber risk management.
Now, where did I put my guitar? I feel the need to sing ‘kumbaya’…