Cyber Insurance and Its Role in Mitigating Cybersecurity Risk
Software Engineering Institute
The goal of any cybersecurity investment is to reduce the potential impact from cyber risk. Initial investments should be in capability development—the implementation of controls to protect and sustain operations that depend on technology. As capability increases, additional capability investments produce diminishing returns—the curve flattens. At that point, investment in cyber insurance becomes an efficient means to further reduce risk.
In this podcast, Jim Cebula, the Technical Manager of CERT’s Cybersecurity Risk Management Team, and David White, Chief Knowledge Officer with Axio Global, discuss cyber insurance, its potential role in reducing operational and cybersecurity risk, and how organizations are using it today. We also discuss ongoing CERT research on this topic.
About the Speaker
Jim Cebula is an SEI alumni employee.
Jim Cebula is the Technical Manager of the Cybersecurity Risk Management Team within the CERT Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Jim's current work focuses on risk management and information resilience, critical infrastructure …Read more
David W. White is an SEI alumni employee.
David W. White is a founder and senior executive at Axio Global. He oversees the firm’s cyber risk engineering services and is responsible for the frameworks and methods that guide the organization’s cybersecurity services.
Previously, David worked in the CERT Program at …
Julia Allen is an SEI alumni employee.
Julia Allen is a principal researcher within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Allen’s areas of interest include operational resilience, security governance, and measurement and analysis. Prior to this technical assignment, …Read more