Guests:
Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead at National Institute of Standards and Technology [@NISTcyber]
On Linkedin | https://www.linkedin.com/in/julie-haney-037449119/
On Twitter | https://x.com/jmhaney8?s=21&t=f6qJjVoRYdIJhkm3pOngHQ
Jason Nurse, Reader in Cyber Security and Director of Science & Research, University of Kent [@UniKent] and CybSafe [@CybSafe]
On Linkedin | https://www.linkedin.com/in/jasonrcnurse
On Twitter | https://twitter.com/jasonnurse
On Mastodon | https://infosec.exchange/@jasonnurse
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Devo | https://itspm.ag/itspdvweb
___________________________
Episode Notes
In this episode of the new (first!) episode of the Human-Centered Research Series on the Redefining CyberSecurity Podcast, host Sean Martin and co-host Julie Haney from the Human Centered Cybersecurity program at NIST, chat with Dr. Jason Nurse, a reader in cybersecurity at the University of Kent in the UK. The discussion revolves around the role of cyber insurance in organizational risk management.
Jason elucidates cyber insurance’s function as a residual risk mitigation tool when dealing with cyber attacks, helping businesses recover and connect with response teams. They discuss how cyber insurance can incentivize better security practices but highlight challenges related to assessing security postures across diverse businesses. While ransomware features heavily in discussions of cyber risks, Jason points out that insurers don't always encourage ransom payments. Julie raises the issue of accessibility of cyber insurance for small businesses and suggests insurers offer 'pre-breach services'.
Sean, Julie, and Jason debate the role of human behavior in cyber risk, and how it affects organizations and insurance policies. They underscore the value of research in enhancing security practices and conclude by pondering ways to bridge the gap between academic research and practical implementation in cybersecurity.
Key Questions Addressed:
___________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
___________________________
Resources
Between a rock and a hard(ening) place: Cyber insurance in the ransomware era: https://www.sciencedirect.com/science/article/pii/S016740482300072X
Cyber Insurance and the Cyber Security Challenge: https://kar.kent.ac.uk/89041/1/RUSI-Kent-OP-Cyber-insurance.pdf
Mapping the coverage of security controls in cyber insurance proposal forms: https://jisajournal.springeropen.com/articles/10.1186/s13174-017-0059-y
Impact 2024: https://www.theimpactconference.com/impact-usa/
___________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network