ISO/IEC 27102 Cyber Insurance


Information security and cyber risk have risen to prominence in recent years, and their potential impact should not be overlooked. With increased emphasis on how businesses must defend themselves and increased scrutiny on what must be done to handle the future effects of a cyber incident, insurance is becoming an increasingly valuable component of the solution. However, there are issues.

For instance, businesses purchase cyber insurance under the expectation that it will automatically protect them against the risks they face, but how will the insurance industry be certain that their customers are playing their part to maintain the cover provided?

We continue to hear of organisations failing to take even the most minimal compliance steps to protect and sustain their security capability. Giving insurers and the insured a common basis for what must be in place is the gap ISO 27102 is intended to fill.


What is ISO/IEC 27102?

“ISO 27102 provides guidelines for adopting cyber insurance as a risk treatment option to manage the impact of a cyber incident within the organisation’s information security risk management framework,” according to ISO/IEC JTC 1/SC27 DIS 27102 – Information security management guidelines for cyber insurance.

What this means is that:

ISO 27102 gives structure to the cyber insurance relationship by focusing on the insured: it outlines the main procedures an organisation can put in place to meet the measures that insurers are likely to require. The standard examines the types of losses that are typically insured and the safeguards that must be in effect for an insurer to offer cover.

According to ISO/IEC 27102, an ISMS “will provide the insured and insurer with information, records, and paperwork that can be used during the implementation, extension, and life of the cyber-insurance policy.” The content of ISO 27102 is built on the procedures and proposed capabilities contained in the broader ISO 27000 family of information security standards, and as a result there may be some degree of compatibility with certain organisations’ existing processes.


What is Cyber Insurance?

Cyber insurance is a type of insurance that protects against both direct losses and indirect costs caused by a cyber incident.

This includes covering the cost of notification, credit monitoring, identity theft protection, regulatory defence costs and public relations costs among other things. Cyber insurance also covers a wide variety of risks including, but not limited to: data breach, denial-of-service attacks, extortion, distributed denial-of-service attacks and ransom demands, and access to subscriber data stored on your servers by a third party.

These costs can quickly add up to tens of thousands of pounds if your site is hacked or some of your user data falls into the wrong hands. It is hard to overstate the importance of cybersecurity today. Years ago, the biggest worry for individuals or businesses was fire, flood and accidental damage to records.

Today it’s hackers who are constantly trying to get into your systems. Just like no one could afford to be without fire insurance some years ago, it doesn’t make sound economic sense for any business or individual to try and operate without cyber insurance today.

NOTE: Cyber insurance will not resolve any of your cybersecurity concerns immediately, and it will not protect you from a cyber breach or attack. Much as homeowners with homeowner’s insurance are required to have appropriate protective measures in place, organisations must take steps to safeguard their most valuable assets.

Cyber insurance will only assist your organisation with gaining back its footing in the event that anything cyber-related goes wrong. Apart from mitigating business interruption and offering financial security in the event of an incident, cyber insurance can assist with any subsequent legal and regulatory actions.


Understanding the Potential Impact of a Cyber Incident

A cyber incident may have a number of negative consequences for an organisation.

  • Financial impact: this covers the financial effects of market disruption and the response and recovery costs associated with it. If you have taken precautions (such as keeping backups isolated from your network or using a storage provider specifically designed for this purpose), a cyberattack will have a lesser effect.
  • Scope: in contrast to physical accidents such as fires or thefts, cyber incidents are often not limited to a particular location. Understanding how your organisation functions and the interdependence of its various components is critical for assessing the scope of a cyber incident that could have far-reaching effects.

What is the Scope and Purpose of ISO/IEC 27102?

ISO 27102 establishes guidance that an organisation can adopt when considering buying cyber insurance as a risk control option for mitigating the effects of a cyber-incident within the information technology risk management system.

The purpose of ISO 27102 is to suggest recommendations for organisations to:

  • Consider purchasing cyber insurance as a risk treatment option for sharing cyber risk;
  • Use cyber insurance to help mitigate the effects of a cyber incident;
  • Exchange data and information between the insured and the insurer to facilitate the underwriting, reporting and claims processes for a cyber insurance policy;
  • Draw on an ISMS when exchanging pertinent data and information with an insurer.

This standard applies to organisations of all forms, sizes and types, to support them in preparing for and purchasing cyber insurance. ISO 27102 also seeks to address the following:

Implementing Cyber Insurance ISO 27102 Standard

According to the World Economic Forum’s 2015 Global Risk Study, technological threats such as data theft, cyber-attacks, and technology failures rate among the top ten global economic risks.

Given the magnitude of these threats, it is critical to explore market-driven strategies for enhancing the protection of organisations that hold personal information. One such approach is cyber insurance. A common set of guidelines or a framework helps organisations speak the same language about cyber insurance regardless of industry or location, and this is one of the core benefits of adopting the ISO 27102 standard for cyber insurance.

At ISMS.online, we leverage our expertise and cutting-edge technology to provide a cloud-based platform that enables you to demonstrate compliance with the cyber insurance standard. Our platform can help you demonstrate that your ISMS meets the basic requirements to complement your cyber insurance checklist.

ISMS.online also provides a Virtual Coach that offers 24/7 context-specific support. You can chat with us from within the platform, so you never take a wrong step or lose your way. Call ISMS.online on +44 (0)1273 041140 to find out more about how our platform can help you run an integrated management system that works well with your cyber insurance framework.
