CypherCon 2023

Ensure Your Cyber Insurance: A 4 phase approach to negotiating cyber liability policies & underwriting requirements

Walt Powell


Cyber liability insurance remains one of the best ways to buy down risk but the modern ransomware landscape has made coverage difficult to obtain or even out of reach for some. This session will explore common underwriting challenges and provide a 4 step roadmap for how to apply for, right size, understand, negotiate, and then align your policies to your incident response plan.

Session Detail

The session will start by introducing the problem, briefly explaining why cyber liability coverage costs and requirements are on the rise, and sharing some real-world anecdotes of orgs negatively impacted. Then introduce the top 5 challenges organizations face when trying to purchase cyber liability coverage: Cost, Application Process, Not understanding their coverages,  risk, or requirements. We will then lay out a 4 phase process to meet those challenges. Phase 1 Discovery, Phase 2 Application & Prequalification, Phase 3 Coverage Comparison & Purchase, and Phase 4 Claim Readiness

Phase 1 will discuss how to examine existing coverages, measure inherent risk, determine risks exceedance of  loss tolerances, and how to translate that into a set of coverage requirements. Phase 1 will also discuss other options including self-insurance, captive insurance, and capital holding adjustments.

Phase 2  will explore the most common sets of controls underwriters are expecting organizations to have/put in place. Then share some best practices for filling out the application forms and discuss the consequences of potential insurance fraud that could result from poorly prepared applications. Lastly, phase 2 will cover expectations and negotiation tactics for dealing with controls or scorecard remediation requests from underwriters.

Phase 3 will dig into the language of policies, defining the most common first and third-party coverage types. We will describe the terms policies utilize to define coverages including Sub-limits, Waiting Periods, Prior Acts, and Subrogation Waivers. We will also explore some of the common but little know exclusions like Breach of Contract, Physical Destruction, and Officer Liability. I will also share a spreadsheet-based tool I use to compare and score policies. That will lead to a discussion of negotiation tactics and items that can often be easily redlined.

Phase 4 provides guidance for ensuring claim readiness. We point out the proactive resources that can be found in most policies and how to make the most of them. Then highlight the common claim processes and strategies for aligning incident response plans to claims requirements. Then look at the roles of panel providers and discuss the pros and cons of building your own team and establishing retainers. We will conclude with a brief discussion of the role of breach coaches and ransomware brokers and guidance to partner with both internal and external counsel prior to Q&A.

Walt Powell

Cyber Insurance

Walt Powell is an accomplished cybersecurity expert and executive coach who specializes in providing executive guidance around risk, governance, compliance, and IT security strategies.
Walt has more than a decade of experience as a cyber practitioner and security leader. He is currently a Field CISO at CDW and a founding member of the CDW Global Security Strategy Office. Prior to CDW Walt was the owner and a vCISO at Left Brain Security. Through these roles, he has had the opportunity to learn from and contribute to hundreds of CISOs and their programs. Walt holds dozens of professional certifications including CISSP, CISM, Carnegie Mellon – Heinz CISO, the Stanford Advanced Cybersecurity Certificate, and many more. He taught CISSP and CISM boot camps for years and is a member of several certification exam development committees. Walt is also an accomplished musician and father who loves to spend time with his kids.