Erik Decker - Leverage and Demonstrate Value With Your Cyber Insurance Renewal
#BHUSA @BlackHatEvents
Learning Objectives:
Critical Controls and Foundations
• Multifactor Authentication: Assume credential compromise
• Endpoint Detection and Response: Detection and response, 24x7
• Secured, Encrypted and Tested Backups: Test and validate critical functions
• Privileged Access Management: Highest critical assets first (Domain admins!)
• Email Filtering and Web Security: Phish defense, links and attachments
The above is based on Marsh McLennan, one of the largest cyber brokerage
firms in the world
info.marsh.com/l/395202/2022-03-28/c5ncfd/395202/164985992723Bv0KAI/866595782_US_Cyber_Campaign___12_Key_Cyber_Controls_V3.pdf
Other Important Controls
• Patch and Vuln Mgmt.
• Incident Response Plan & Test
• Awareness Training & Phish Testing
• Asset Hardening & Restriction
• Logging & Network Protection
• EOL Systems
• 3rd Party Risk Management
Presenting Your Program
[Slide diagram; labels:]
• Executive Overview
• Cyber Program
• Mission / Vision / Fundamental Principles
• Risk Themes & Key Strategies
• Demographics
• Key Financial Metrics
• Validated Ratings & Benchmarks
• Rating Agencies
• Active Projects & Key Controls
Likelihood By Event Type (Fictitious Analytics)
[Chart. Event types: Privacy, Business Interruption, Ransomware. Likelihoods shown: 1 in 4 Event (25%), 1 in 6.6 Event (15%), 1 in 50 Event (2%).]
[Chart. Y-axis: Total Severity Potential, in millions ($0 to $350). X-axis: 1 in 2 Events to 1 in 500 Events. Series: Total Event Cost, Average Retention, Limits. Callouts: "Where limits and probability intersect"; "Average (based on market) you will be hit"; "Where you will be paying out of pocket"; markers at ~1/5, ~1/11 and ~1/25.]