8 June 2022
Author: Grant Paling
The title of this blog is rather indicative of a battle. The term “versus” suggests that doesn’t it?
But this is certainly not my intention. Orange Cyberdefense works closely with insurers, including some well-established partnerships to provide incident response services on their behalf.
We understand one another and we understand that we are here to serve those in need – namely our clients – and that in the end, we want the same thing. Sure, sometimes we don’t agree on everything. You only have to read our blog Is ransomware insurance detrimental to cybersecurity? to understand that.
The point is cyber insurers are not competing with Computer Security Incident Response Teams (CSIRT). So why are they so often pitched in battle? Quite often I hear the question coming back from potential customers of our Incident Response Retainer service “why do I need a retainer when I have cyber insurance?”
Let us look at the objectives here:
If we can compare it to another industry – you call the fire brigade and you have insurance against fire. You don’t choose one or the other. If a fire needs putting out, you don’t call the insurance company, but the insurance company does payout (provided you bought the correct coverage of course!).
Okay, so in cybersecurity, the Incident Response teams out there are not a public service. If only they were. But fundamentally the situation is the same. Call in the people to put out the fire, find out how it started and get some advice on how to prevent it from happening again.
Things are in a state of flux in the cyber insurance market right now. Whereas the value a skilled and trusted CSIRT team can bring remains a constant in the ongoing fight against cybercrime.
Cyber insurance companies are undergoing a rethinking of their policy coverage plans, whether to give up on paying ransoms completely, and look at increasing prices given the sheer number of successful cyber attacks.
The Orange Cyberdefense CSIRT teams are “in the trenches” every day. Called in to stop attackers in their tracks, to work for our customers with the sole goal of minimizing the impact and damage, then evaluating the root causes in order that they leave those customers better prepared than when we found them to deal with such disruptive scenarios.
In many cases, yes it may be. And perhaps this is where the confusion comes. But there are some key points to consider:
So if you are considering Cyber Insurance and Incident Response requirements, please do consider them. But do not consider them as competition. They are not the same and in fact, they can and do work very well together.Incident Response Hotline