Security News > 2022 > June > Cyber Risk Retainers: Not Another Insurance Policy

Pure IR retainers typically don't offer security leaders flexibility to maximize their investment, but by being permitted to use credits toward preparedness, testing, simulations and so forth, cyber risk can be mitigated.

There are three key elements to achieving an effective cyber risk retainer: negotiation, structure and execution.

The best cyber risk retainers are collaborative exercises.

With most infosec teams critically understaffed, those in your retainer team can become a valuable resource for advising on and prioritizing key cyber resilience issues.

An additional benefit of a longer-term retainer relationship is that the cyber practitioners are afforded the opportunity to learn about a client's cybersecurity program and the context in which it exists.

True cyber risk retainers allow organizations to do this in a way that not only improves resilience in theory, but equips teams with the practical intelligence to do the very best job they can, both in a crisis and business-as-usual environment.

News URL

https://threatpost.com/cyber-risk-retainers-not-another-insurance-policy/179895/