

Tech E&O and cyber insurance with Joe Brunsman
Tech E&O and Cyber insurance with:
Joe Brunsman of The Brunsgroup – Expert on Tech E&O and Cyber Insurance
YouTube channel – Joseph Brunsman
https://www.youtube.com/@JosephBrunsman
https://www.thebrunsgroup.com/
Damage Control book
https://www.thebrunsgroup.com/book2
Tech E&O and cyber
MSP should have a tech E&O policy. They cover different things. What types of third-party claims will they cover? A guy on the Que recently said that he did not think that E&O was required because his customers have never asked for it. You must have a TECH E&O policy.
What is the biggest thing that you need to pay attention to in the E&O policy?
Look at the definition of technology services in the policy. Everything past that point, it does not matter if the definition of technology services is correct.
Avoid the named peril policy. An all risks policy is better. These are becoming harder to come by.
Named peril: Technology services means: there is a list
You have to prove to the insurance company that what you did falls within that definition.
What do you need to look for? “Including but not limited to.” Contra proferentem = ambiguity is held against the draftsman. The onus is on the insurance company to prove that what you did was not covered under the definition.
How much coverage in the policy should they have?
How much cyber insurance do you need? Here are the variables that I think about. – See YouTube video
Brokers – There is no legal requirement that they understand or read the insurance policies.
Average IQ of an insurance broker is 104. They do not understand what they are selling. The onus is on the business owner to ask and to get the right things.
What is your major loss event? What are we worried about? Is that even possible to insure for those issues?
Step 1: Stop relying on the insurance broker.
Step 2: Fellow decision-makers in the business, what are you worried about? Talk to the broker about that. Then the broker finds “these are the options in the cyberinsurance market that address those concerns”.
Joe: Huge proponent of defense in depth over cyber insurance. Rank order the biggest bang for the buck. Felicia has been talking about that for years and is doing a webinar on 2/9/2023 on that very topic.
Insights from plaintiff’s attorney
Joe had a great convo with a plaintiff’s attorney and got his opinion on risk management.
Risk discovery question: What is the one thing that sinks the ship in the lawsuit?
There is an internal email. You knew you were supposed to do this. But they said it was too expensive. They were not going to do that. They understood the risk and just accepted it.
What could the business do in order to circumvent that email being a death blow in the lawsuit?
Plan of implementation.
No business has unlimited resources. No business is perfectly secure. You sit down with the business owners and MSP. We need to work on a plan to better your security. You don’t have unlimited money. I am a business owner too. You need a roadmap. Everyone signs off on it. We were trying, we were getting there.
Felicia: Wow this is astonishing because this is what we have been doing with clients for 20 years. It is the type of thing that a CISO knows how to do, but few others know how to do well.
Life hack tip from Joe:
Convo with the average business owner:
Obviously you are really good at what you do. You have built this business. Build a relationship with them. The MSP is not the subject matter expert on the client’s industry. Fluff their feathers. Transition that. I asked you a bunch of questions, thank you for hearing me. Now we are going to go through this. Can we just do the same thing in reverse? If you do not understand this yet, let me know and let’s break it down.
Joe and Felicia agree:
One way or another, those controls will be implemented. Read any breach notification letter. Magically we found more money to invest in cybersecurity.
Either work on your information security program monthly at a pace that your budget can absorb, or that decision of timing and magnitude will be taken away from you.