Cybersecurity is Moving from a

Reactive Model to a Proactive Model

An important element of a cybersecurity plan is

to purchase a cyber insurance policy or cyber insurance rider on your current policy.

Following a logical order of assessments and implementing security measures

will ensure the lowest cyber insurance premiums.

Key activities in determining the appropriate amount of cyber insurance

are modeled in our Cyber Risk Ecosystem

Cyber Risk Ecosystem

White Paper Cybersecurity for the Board of Directors
nationality and cybersecurity

Cyber Insurance Services

For perspective, in 2016, Evolver reviewed and compared the applications of cyber insurance policies from major insurance carriers.


Most cyber insurance carriers asked for proof of the following items:
  • Business continuity and disaster recovery plan
  • Patch update process
  • Annual security awareness training for employees
  • Questions about third party vendors (large and comprehensive variety)
  • Risk assessment methodology including at least an annual review of risks


Many cyber insurance carriers asked for proof of the following items:


  • A process for removing access privileges upon termination before the user leaves the premises
  • Firewall questions
  • Anti-malware solutions
  • Data back-up process
  • Intrusion detection
  • Data – retention policy, handling policy, labeling policy, storage, and security

A proactive measure is to procure a cyber insurance policy. Evolver recommends every organization procure cyber insurance, and can assist in completion of the application.

  • Cyber Insurance Application Support
  • Forensics for Claims Resolution
  • Risk Mitigation for Premium Reduction
  • Trend Analysis for Risk Evaluation
  • Litigation Support for Liability Actions

In order to confidently know how much cyber insurance an organization needs, Evolver performs a risk quantification that identifies your highest areas of vulnerability to cyber attack from a financial perspective.

  • Quantification of Cyber Risk
  • Core Business Threat Evaluation
  • Legal/Regulatory Analysis

Evolver’s tactical assessment for cyber insurance includes many activities:

  • Policy, Procedures and Strategies
  • Critical Asset Identification
  • Data Mapping and Risk Evaluation
  • Architectural Review
  • Vulnerability Assessment
  • Personally Identifiable Information/ Data Loss Prevention

Organizations of every size are prone to cyber attack. Evolver offers a cybersecurity program adjusted for the size and risk levels associated with each enterprise. Each cyber plan includes:

  • NIST Cyber Work Flow: Identify, Protect, Detect, Response, Recover (IPDRR)
  • Cyber Tools to Match Cyber Risk
  • Business Critical Protections
  • Information Governance / GRC

Cyber Insurance by the Numbers

A 2015 survey performed by Advisen1 reported that 60% of underwriters and brokers are seeing a “significant increase” in the demand for cyber insurance.

There is a plethora of data and statistics that point out the damage a cybersecurity event can have. These statistics help define a financial equation to the cybersecurity threat:

$6.5 million is the average cost of a data breach in 20152

80% of respondents in an IT professionals survey acknowledge having a cybersecurity incident3

65% of respondents said threat intelligence could have prevented or minimized the impact of that breach4

1Advisen Cyber Liability Market Trends Survey of Underwriters and Brokers, Oct. 2015

2ALM Corporate Counsel cybersecurity Report, Dec. 2015

3Spiceworks Survey of 197 IT professionals, Dec. 2015

4Ponemon Institute Survey of 692 IT and IT security professionals, September 2015, sponsored by IID