- 02:43 — You do need a cybersecurity insurance policy, but it is just a backstop not a cure-all.
- 04:28 — Cybersecurity is a business continuity issue. CISOs need to speak to the C-suite in their own language.
- 07:51 — Healthcare is a hot topic in cybersecurity. Healthcare providers need to assess the security of their supply chain.
- 11:03 — When pitching for budget, know your audience. Make them aware of the business implications of a breach.
- 13:33 — Enterprises without a CISO should consider partnering with an experienced best-in-breed vendor.
- 17:49 — Boards have a fiduciary responsibility and they will increasingly be held accountable for cyber breaches.
- 19:29 — The conduit between enterprises and vendors.
Courtney discusses the concept of cybersecurity insurance as more than just a policy. She agrees that enterprises need cybersecurity insurance policies but cautions that these should be viewed as a last resort, not a catch-all. More important, she believes, is a good proactive strategy. She talks about the struggle for budget and the difficulty of CISO communication with the C-suite and the board. Her advice is that CISOs should speak to executives in language and context they understand.
In covering the hot topic of cybersecurity in hospitals and healthcare, Courtney says providers need to carefully assess the security of their supply chain and be very cautious about what they are indemnifying their partners against. Failure to do so means they’ve “opened up to a Pandora’s box, if you will, in terms of liability.”