An Overview of ISO 27102 - Information security management guidelines for cyber insurance.pptx
1. ISO 27102: Information
Security Management
Guidelines for Cyber
Insurance.
Keith Spencer
Certified Lead Auditor for ISO 41001 and
45001 Management System Standards
Principal Consultant & Trainer, Cerebrii
Solutions Global
2. Agenda
01 Current state of cyber-threats and the insurance sector
02 Overview of ISO 27102:2019 Guidelines for cyber-insurance
03 Questions & Answers
04
6. Latin America & Caribbean Experience
• Cyberattacks in the region have been increasing, mainly targeting LAC financial institutions.
• The COVID-19 pandemic, and the increase in digital activity it generated in the region, have further exposed the vulnerabilities of the digital space in LAC.
• The ThreatMetrix Cybercrime Report identified Latin America as a focus for account creation fraud, at around 20 percent of total volume against an industry average of 12.2 percent.
7. Internet Penetration in Selected Territories (2021)
Territory                              Residents   Internet Users   Penetration
Antigua and Barbuda                       98,731           79,731        80.8%
Barbados                                 287,711          234,659        81.6%
Dominica                                  72,167           51,992        72.0%
Grenada                                  113,021           74,000        65.5%
Jamaica                                2,973,463        1,600,520        53.8%
St. Vincent and the Grenadines (SVG)     111,263           78,900        70.9%
Trinidad and Tobago                    1,403,375        1,063,630        75.8%
Penetration = Internet Users / Residents.
Source: https://www.internetworldstats.com/carib.htm. Accessed March 31, 2022
11. Cyber-insurance Moment of Truth
For insureds: Will cyber-insurance automatically protect against the risks?
For insurers: How can we be certain that customers are playing their part to maintain the cover provided?
12. The cyber-insurance Dilemma
• Most insurance products are based on decades of aggregated actuarial data.
• Assessing cyber-risks and pricing cyber-insurance products is difficult because of the evolving cyber landscape and the lack of historical data available to actuaries.
• In the absence of an appropriate analysis of its cyber-risk exposure, an organisation can end up either with insufficient insurance cover or paying additional premium for larger cover that may not be required.
[KPMG]
13. What is ISO 27102?
“ISO 27102 provides guidelines for
adopting cyber-insurance as a risk
treatment option to manage the impact
of a cyber incident within the
organisation’s information security risk
management framework”
14. Purpose of ISO 27102
To bring structure to the cyber-insurance situation by focusing on the insured and outlining the different procedures that insureds can implement as part of the measures that insurers are likely to require.
15. Approach of ISO 27102
Examines the types of losses that are insured and the safeguards that insureds should implement to meet insurers' requirements.
16. Main Clauses of ISO 27102:2019
Clause 5, Cyber-insurance: provides information and a general description of cyber-insurance.
Clause 6, Cyber-risks: the cyber-risks that can be covered under a cyber-insurance policy.
Clause 7, Risk assessment: the generic risk assessment an insurer typically undertakes as part of its cyber-insurance underwriting.
Clause 8, Information security management system: the ISMS data, information and documentation to be shared with the insurer.
17. Clause 5: Overview of cyber-insurance and cyber-insurance policy
• Defines cyber-insurance as a risk treatment option
• Outlines the purpose and benefits of cyber-insurance
• Provides examples of typical losses covered
• The insured is to demonstrate compliance with the conditions imposed by the cyber-insurance policy in relation to on-going management of the covered cyber-risks.
19. Cyber-insurance Policy (Clause 5: Overview of cyber-insurance and cyber-insurance policy)
• A policy can be either stand-alone or included as a special endorsement to a general liability, property or other insurance policy.
• Policies are not standardised and depend on the circumstances.
• Examples of impacts covered: loss of confidentiality or integrity, loss of information or systems.
20. Cyber-insurance Policy (Clause 5), continued
Covers additional costs:
• Evaluating the impact of the attack
• Implementation of response and recovery plans
• Legal expertise
• Forensics expertise
• Public relations and communications support
• Customer notification
• Post-incident business restoration
21. Clause 6: Cyber-risk and insurance coverage (expands on Clause 5)
• Risk management processes for cyber-insurance
• Gives more detail on cyber-incident types
• Expands on business impact and insurable losses
• Expands on the types of coverage: liability, incident response costs, and loss, theft or damage to information
• Reputational damage and additional costs covered
22. Cyber-risk and insurance coverage (Clause 6), continued
• Operational cost of managing incidents
• Cyber-extortion costs
• Business interruption
• Legal and regulatory penalties
• Contractual penalties
• System damage
23. Cyber-risk and insurance coverage (Clause 6), continued
• Supplier risks
• Silent or non-affirmative coverage (cyber losses that a non-cyber policy neither explicitly includes nor excludes)
• Vendors and counsel for incident response
• Cyber-insurance policy exclusions
• Coverage amount limits
24. Clause 7: Risk assessment supporting cyber-insurance underwriting
Clause 7 provides guidelines on underwriting of the cyber-insurance policy and its pricing:
• Information collection
• Cyber-risk assessment of the insured
• Review of prior losses
25. Clause 8: Role of the ISMS in support of cyber-insurance
Clause 8 provides guidelines on how the Information Security Management System (ISMS) can support cyber-insurance:
• Linkage to ISO/IEC 27001 (Information technology – Security techniques – Information security management systems – Requirements)
• ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an ISMS
• The ISMS provides the information needed for the cyber-insurance cover
26. Role of the ISMS in support of cyber-insurance (Clause 8), continued
Clause 8 provides guidelines on how the ISMS can support cyber-insurance:
• Planning: the insured determines which risks to address
• Support activities: awareness and training, information security policy, communication
• Operation: planning and control, documented information, change control, vendor management
27. Role of the ISMS in support of cyber-insurance (Clause 8), continued
Clause 8 provides guidelines on how the ISMS can support cyber-insurance:
• Performance evaluation: provides data on the effectiveness of the ISMS
• Improvement: addressing non-conformities
• Sharing information about risks and controls with the insurer
• Meeting cyber-insurance policy obligations
28. Questions & Answers