Crum & Forster, a New Jersey-based insurer, has introduced a specialized professional liability insurance policy designed to protect Chief Information Security Officers (CISOs) from personal liability claims. As cyber threats increasingly target organizational vulnerabilities, the role of CISOs has become more critical and scrutinized. This new policy aims to bridge the gap in existing coverage by addressing the unique risks faced by CISOs in their dual roles within and outside their organizations.
Crum & Forster’s initiative marks a significant shift in the insurance landscape for cybersecurity professionals. Historically, professional liability policies have focused on traditional executives like CEOs and CFOs, often overlooking the specific needs of CISOs. This omission left a gap in protection, especially as CISOs take on more responsibilities in safeguarding corporate data against sophisticated cyber attacks.
Why Do CISOs Need Specialized Insurance?
CISOs are increasingly held accountable for their companies’ cybersecurity measures. Nick Economidis, vice president of eRisk at Crum & Forster, highlighted the precarious position CISOs find themselves in, stating,
“CISOs are in a no-win situation. If everything goes right, that’s what people expect. If something goes wrong, they’re the person that everybody looks at and they’re left holding the bag.”
This specialized insurance provides them with financial protection against potential lawsuits and regulatory actions stemming from cybersecurity breaches.
What Does the New Policy Cover?
The policy offers comprehensive coverage, including zero-deductible defense costs and protection in criminal proceedings. It also addresses regulatory compliance, particularly with SEC cyber disclosure rules. Additionally, the insurance extends to CISOs engaging in consulting work, whether pro bono or for a fee, thereby covering a broader range of professional activities.
How Is the Insurance Priced?
According to Economidis, the cost for this insurance typically ranges from $3,000 to $5,000 per insured individual. Factors influencing the price include coverage limits, deductibles, the public or private status of the company, and the organization’s years of experience in the industry.
This tailored approach to CISO liability insurance distinguishes Crum & Forster from other providers, offering a solution that addresses the specific challenges faced by cybersecurity leaders. By providing targeted coverage, the insurer not only protects individual CISOs but also enhances the overall cybersecurity posture of the organizations they serve.
Crum & Forster’s new policy aligns with the growing need for specialized insurance products in the cybersecurity field. As cyber threats continue to evolve, protecting those at the forefront of defense becomes increasingly important. This initiative by Crum & Forster may set a precedent for other insurers to develop similar offerings, further strengthening the support system for cybersecurity professionals.