You've just described the tip of a giant iceberg that, so far, hasn't made it onto the mainstream radar yet.
I don't have a great deal of insight, but have been following developments in this space. More and more IT security groups/departments/managers are starting to realize security is a risk and exposure issue, not a technology issue. I believe that as this trend grows, alternative risk management solutions such as cyber insurance will become more common. I think the challenge is the development of universally accepted standards that define just what constitutes an acceptable enterprise security program. However, many factors make this very difficult. A few are; the constant emergence of new technologies, the broad landscape of diverse and disparate systems, inherently flawed commercial software applications, and vertical specific compliance legislation.
Right now it's a big gordian knot without any easily defined path towards sorting it out. This is changing though, and it will be interesting to see how things shake out.
Jeff
ps - If I come across any interesting reference material, I'll email you offline
Nathan Ouellette wrote:
I've posted my resume to this thread before, so I won't bother with any
repeat details, but I was wondering if anyone has any leads regarding
risk technology or specifically 'cyber policies' and insurance related
endeavors. I'm currently looking for work in this field.
I have a pretty solid IT and security background, specifically a lot of
time spent in the insurance industry. I've recently landed a
semi-techincal role with a Risk Management firm and deal specifically
with liability and loss mitigation. I've been keeping abreast on the
latest insurance news and I see that more and more carriers are
providing 'cyber policies' to their clients. From what I gather,
premiums and revenue for this coverage is expected to skyrocket in the
near future. I've also read that several carriers are requiring their
clients to 'prove' they are minimizing their risk by tightening their
systems and locking down security, this of course is the equivelent of
leading a healthy lifestyle in order to obtain a smaller premium on your
life insurance policies.
The floor that I work on just happens to be divided up between my group
and several other insurance brokerage groups. On a daily basis I hear
clients asking the brokers to find them a policy for this type of
coverage, but most of the sales people seem clueless as to what's going
on in the insurance/risk marketplace with these types of policies. This
has really piqued my interest about this new market and I am now
actively seeking employment within it's realm.
My query is to anyone familiar with this line of business. This could
be a great trend for security experts as more and more companies might
be looking for experts to audit client networks in order to be approved
for coverage (even better, IT candidates who have an insurance
background). Or perhaps to brokerage houses acting as the middleman
between the carrier and the client. Does anyone have any sort of leads
or perhaps a good resource for finding careers or perhaps introducing
our talents to these insurance folks who might be just now diving into
this new marketplace?
Respectfully,
Nathan Ouellette, MCSE, CISSP
Sterling Heights, MI
[EMAIL PROTECTED]
-- Jeff Combs Alta Associates, Inc. 908-806-8442 908-806-8443 fax [EMAIL PROTECTED] visit us at www.altaassociates.com
