April 13, 2015
A relentless barrage of cyberattacks has left many corporate security officers searching for a clearer, common understanding of what constitutes good security strategy, and looking to the insurance industry for answers.
Beyond a few regulated industries such as health care, most companies get relatively little official guidance on security, and ideas about best practices tend to be fragmented. Government and industry groups provide some help, but most companies are more or less free to chart their own course through the hazards of the digital era. While that can have advantages, fostering flexibility and innovation, some companies would like clearer standards. That might help strengthen defenses, improve risk management, and make it easier to defend against accusations of negligence in the event of a major breach.