Cyber Insurance , Governance & Risk Management , Video

How Cyber Insurers Evaluate Security Measures

Tokio Marine HCC's Keith Bergin on Cybersecurity Measures for Insurance Eligibility
Keith Bergin, vice president, corporate claims, Tokio Marine HCC

Faced with a changing threat landscape, cyber insurers are increasingly focusing on assessing a company's security measures before issuing a policy. The deployment of multifactor authentication is a primary focus, said Keith Bergin, vice president of corporate claims at Tokio Marine HCC. Other key areas for risk assessment include administrative access control and patch management.

See Also: Navigating Cybersecurity with an Effective SOC

These security measures are foundational for organizations of all sizes, from SMBs to Fortune 50 companies, Bergin said. He stressed the importance of assessing the insurance provider's capabilities and experience in handling cyber-related claims and prioritizing preparedness and resilience in the event of a breach.

For insurers, it is important to do a risk assessment to identify the "barrier to entry to insurance." "When we're assessing that risk, if you tip the scales too far in the wrong direction, we're not going to be able to provide a quote," he said. "So those are some of the base-level things that we look for just to be able to become partners and offer a policy."

In this video interview with Information Security Media Group at ISMG's North America Midwest Summit, Bergin also discussed:

  • The role cyber insurers play in providing threat intelligence and pre-breach mitigation services;
  • How CSOs can leverage insurance carriers to save on security technology;
  • The role of technical debt in risk assessment.

Bergin has more than 15 years of experience across the property and casualty domain. He is experienced in building, structuring and establishing industry best practices and educating policyholders in understanding organizational risks.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.