Joint FAIR Institute Sydney and Melbourne Chapter meeting
Wednesday 16th March 2022 12noon (Sydney/Melbourne)
Zoom Registration link:
2021 was a remarkable year for more than one reason. While COVID was front of mind, the cyber insurance market has also undergone significant changes thanks to high profile ransomware attacks against Colonial Pipeline and JBS Meat. Recent research from TechTarget noted 96% year-over-year increase in cyber insurance pricing. The year 2022 will be Game-On for Cyber Insurance. Whilst cyber insurance premium has gone up significantly, coverage was also significantly reduced. But this is if an underwriter is even prepared to underwrite the cover subjected to a proposal form 10 times longer than last year and complete with an independent vulnerability scan against the insured’s Internet presence! Ironically FOMO demands securing even more cyber insurance coverage in 2022 🙁
The good news is (if there is ever one) the freshly minted FAIR-CAM™ (FAIR Controls Analytics Model™) might just be the arsenal needed to fight this arm twisting game with the underwriters. FAIR-CAM™ pioneers the concept of control physiology to measure control efficacy. Comparing control efficacy is a new dimension of the security health check process to ensure investment in cyber security controls is targeted to deliver maximum return on investment in security controls. In this meeting, we will provide a high-level overview of FAIR-CAM™ launched in FAIRCON21. The expert panel will discuss practice challenges in measuring control efficacy and selecting the most valuable controls. You will have the opportunity to put your tough questions to a former regional cyber consulting head from a global underwriter to game the system in your favour.
Unfortunately, in 2021 it became more difficult to even get cyber insurance coverage. Premiums have risen sharply. By the end of 2021, cyber insurance pricing in the US increased an average of 96% year-over-year, according to data from Marsh, a New York City based insurance broker and risk advisor.
Security Health Check identifies threats against the organisation and vulnerabilities in its system which could be exploited resulting in harm and financial loss. These insights inform the design of the defence to prevent and detect attacks. The FAIR Cyber Risk Quantification Standard is a proven framework for calculating the probability of a threat materialising into an incident and the magnitude of the loss from the incident. Investment in the mitigation control is prioritised and funded based on the cyber risk appetite measured against the Loss Exceedance Curve produced from the FAIR analysis. This vigorous and scientific investment decision process compares to the heatmap analysis approach which is more likely to be overshadowed by individual opinion and value judgement.
The FAIR-CAM™ model is an extension of the FAIR standard documenting Controls Physiology Functions which describes how controls affect the frequency and magnitude of loss events. The FAIR-CAM™ model accounts for controls both with direct and indirect effects on risk, yielding a complete system view.
Source: FAIRCON21 – Jack Jones’ introduction on FAIR-CAM
Denny Wan (Sydney Chapter co-chair) will walk through the FAIR-CAM™ overview covering the FAIR-CAM™ core control domains of ‘Loss Event Controls’, ‘Variance Controls’ and ‘Decision Controls’ and a practical use case on MFA he co-presented in FAIRCON21.
Panel session
The panellists are drawn from across the cloud service, financial investment service, consulting and insurance to offer a diverse and hands-on perspective of the challenges and business benefits in selecting the most valuable controls. As discussed above, the unprecedented tightening of the cyber insurance underwriting process is a strong reason to focus on battening down the most valuable controls. Please join our panellists for a fascinating and pragmatic debate with the opportunity to put these tough questions to the underwriter, putting the shoe on the other foot.
Moderator:
Jason Ha (Melbourne Chapter Chair)
Panellists:
Find the original article here: https://www.linkedin.com/pulse/cyber-insurance-2022-game-denny-wan/