Some commercial insurance categories map intuitively to the vulnerabilities that could trigger them. Not having a sprinkler system increases the risk of catastrophic fire, and such a fire in a factory will clearly cause loss of property and interruption to business operations. It’s easy to draw the line from sprinklers to property and BI risk.
Other times, risks themselves can be hard to understand, and therefore hard to map to insurance exposure. Even if you know something about a company’s IT vulnerabilities, it can be hard to know exactly how, for an example, a poor software patching regimen impacts the threat of ransomware and therefore potential losses resulting from dealing with a ransom situation. What is software patching, anyway?
Risk Exposures: Explained
Making matters worse, many IT security exposure categories map to multiple possible insurance risks. To make sense of these complicated interactions, we put together a document that provides a basic overview of how common IT exposure categories map to insurance risks. See the first page our infographic here, and download the full PDF to see the second page with deeper explanations.