惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
Visual Studio Blog
爱范儿
爱范儿
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
雷峰网
雷峰网
V
V2EX
博客园_首页
Engineering at Meta
Engineering at Meta
博客园 - 聂微东
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Apple Machine Learning Research
Apple Machine Learning Research
GbyAI
GbyAI
H
Help Net Security
A
About on SuperTechFans
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Blog — PlanetScale
Blog — PlanetScale
W
WeLiveSecurity
云风的 BLOG
云风的 BLOG
D
Docker
Security Archives - TechRepublic
Security Archives - TechRepublic
Help Net Security
Help Net Security
N
News and Events Feed by Topic
Simon Willison's Weblog
Simon Willison's Weblog
G
Google Developers Blog
A
Arctic Wolf
T
The Blog of Author Tim Ferriss
博客园 - 叶小钗
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Google DeepMind News
Google DeepMind News
博客园 - 三生石上(FineUI控件)
aimingoo的专栏
aimingoo的专栏
Hacker News: Ask HN
Hacker News: Ask HN
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园 - 司徒正美
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Privacy International News Feed
T
Troy Hunt's Blog
T
Tenable Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Recorded Future
Recorded Future
F
Fortinet All Blogs
D
DataBreaches.Net
B
Blog
T
Threat Research - Cisco Blogs
MyScale Blog
MyScale Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
The GitHub Blog
The GitHub Blog
Security Latest
Security Latest
M
MIT News - Artificial intelligence

Forbes - Innovation

Why Do Humans Have Fingerprints? Hint: It’s Not What You Think Booking.com Confirms Data Breach, Reservation PIN Codes Changed Why Major News Sites Are Blocking The Internet Archive’s Wayback Machine iPhone Fold Release Date: New Report Details Frustrating Apple News Comet Tracker: How To See Pan-STARRS And Three Planets On Wednesday NYT Mini Crossword Today: Tuesday, April 14 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Tuesday, April 14 (It’s A Little Unclear) Today’s Wordle #1760 Hints And Answer For Tuesday, April 14 Most Of The Microplastics In Urban Air Come From Tires Today’s Wordle #1759 Hints And Answer For Monday, April 13 NYT Mini Crossword Today: Monday, April 13 Hints And Answers NYT Pips Today: Hints, Answers And Walkthrough For Monday, April 13 The YC Chief Who Codes 10,000 Lines A Day Has A Simple Secret Samsung Expands One UI 8.5 Beta To More Galaxy Owners Why You Should Stop Using Your iPhone If It’s On This List Chamath Says Firms That Treat AI As A Strategy Hand Rivals Their Edge 3 Unexpected Habits Of Secure Couples, By A Psychologist The First Lamp That Folds Your Clothes Samsung’s Disappointing Price Update For Galaxy Phone Buyers 3 Subtle Signs Someone Is Falling In Love With You, By A Psychologist Do Mantis Shrimp See More Colors Than Humans? A Biologist Explains NYT Connections Answers Explained For Monday, April 13 (#1,037) NYT Connections Hints Today: Monday, April 13 Clues And Answers (#1,037) LEGO Luigi & Mach 8 (72050) Review: 2026’s Best Set Yet? Marc Andreessen Says AI Productivity Will Trigger A Hiring Boom 3D Printing Is The Ultimate Hack To Reduce Household Spending Apple iPhone Fold: Striking Design Revealed In Leaked Photos Apple Smart Glasses: New Leak Reveals A Major Design Twist To Beat Meta Tested: The AI Coming To The Rivian R2 Quordle Hints Today: Monday, April 13 Clues And Answers Companies And H-1B Employees Endure Immigration Waits At Consulates 3 Easy Ways To Turn Anxiety Into Sustained Focus, By A Psychologist Here’s The Most Affordable Humanoid Robot You Can Buy Now UFC 327 Results: 5 Biggest Takeaways From A Wild Night In Miami UFC 327 Results, Bonus Winners, Highlights And Reactions Dana White Announces Huge New Fight For UFC White House Today’s NYT Strands Hints, Spangram, Answers: Sunday, April 12 (Get Ready) Tesla ‘Model 2’ Rises From The Ashes Today’s Wordle #1758 Hints And Answer For Sunday, April 12 NYT Pips Today: Hints, Answers And Walkthrough For Sunday, April 12 Tyson Fury Vs. Arslanbek Mahkmudov Results: Highlights and Reaction NYT Mini Crossword Today: Sunday, April 12 Hints And Answers How Shadow AI Culture Is Destroying Your Business Venture Capital Funds That Market Like Startups Win More Deals Conor Benn Vs. Regis Prograis Results: Highlights and Reaction Samsung’s Disappointing Price Update For Galaxy Phone Buyers Artemis Reached The Moon. The Grid Can Reach The 21st Century A Biologist Explains How Archerfish Shoot Down Prey. Hint: Their Aim Rivals Human Throwing Is It Time For Apple To Forget About The MacBook Air NYT Connections Hints Today: Sunday, April 12 Clues And Answers (#1036) Trump’s 2027 Budget To Reshape U.S. Environmental And Energy Policy CDC Delays Reporting Of COVID-19 Vaccine Benefits—Here’s What To Know Oura Has Designed A Solution To A Big Smart Ring Problem Netflix’s Best New Show Has A Near-Perfect 95% Rotten Tomatoes Score Coachella 2026 Is Being Taken Over By Creator Streams Quordle Hints Today: Sunday, April 12 Clues And Answers This Startup Wants To Use AI To Help Digitize History How To Get The Best Shield In ‘Crimson Desert’ Microsoft Venom Attack Targets C-Suite Executives ‘Maul: Shadow Lord’ Sets Even More Star Wars Rotten Tomatoes Records 3 Ways Happy Couples Argue Differently, By A Psychologist Success For Leapmotor Might Have Negatives For Stellantis New Names Surface As Potential Rogue And Wonder Woman In The MCU And DCU 4 Reasons Artemis Mission Matters Even If You Think It Is Wasteful Fast ‘Crimson Desert’ Patch Adds New Moves, Shield Hiding And One Great Feature Why Do Humans Blush? An Evolutionary Biologist Explains The Signal We Can’t Control Apple iPhone Fold: Striking Design Revealed In Leaked Photos Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update iOS 26.4.1 Release: Crucial iPhone Feature Update Arrives, But No Security Fix Fury vs. Makhmudov Full Card, Ring Walk Times and How to Watch Can’t Stand Liquid Glass? This New Hidden iPhone Setting Is A Game-Changer Test-Driving The 2026 Changan Deepal S05: Italian Style Made In China NSA Warning—Reboot Your Internet Router Now Ways That Human-AI Collaboration Slides People Into ‘AI Brain Fry’ And Cognitive Downturns Stop Using These Networks—Google, NSA And TSA Warn NASA Changes Moon Plan: Landing Now Depends On SpaceX Or Blue Origin Samsung Expands One UI 8.5 Beta To More Galaxy Owners The Evolution Of Programmable Hardware At Xilinx NYT Mini Today: Saturday, April 11 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Saturday, April 11 (You’re Putting Me On) Splashdown! NASA’s Artemis II Returns To Earth After Moon Mission Attention Is All You Need. The Human Kind Is Still The One That Counts Today’s Wordle #1757 Hints And Answer For Saturday, April 11 NYT Pips Today: Hints, Answers And Walkthrough For Saturday, April 11 Android Circuit: Galaxy S27 Pro Emerges, Honor 600 Pre-Order Offers, Pixel 11 Display Leaks Apple Loop: iPhone 18 Pro Leak, Urgent iOS Update, MacBook Neo Issues Morgan Stanley Has Mostly Positive Outlook On Tesla Robotaxi, FSD V15 Running Out Of AI Tokens Faster Than Ever? Here’s Why CoreWeave Shares Pop 13% After Anthropic Deal ‘Euphoria’ Season 3’s Rotten Tomatoes Score Crashes, Has Lost Key Player People Don’t Agree On What AI Can Do, But They Don’t Even Use The Same Product ‘Overwhelming’—Google Issues Gemini Update For Gmail Users NYT Connections Hints Today: Saturday, April 11 Clues And Answers (#1035) Quordle Hints Today: Saturday, April 11 Clues And Answers The Costly Dream Of Space-Based AI Infrastructure Can You See The Watcher In This ‘Daredevil: Born Again’ Shot? Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update You Just Watched The Backdoor Pilot For ‘The Pitt: Night Shift’ Are Nicotine Pouches Like Zyn And VELO Safe To Use? A Doctor Answers Human Resources (HR) Is The Key To AI Success Per WalkMe ( SAP)
Fragmented Cyber Risk Transfer Is Changing Board Oversight
Heather Wish · 2026-05-12 · via Forbes - Innovation
Umbrella on abstract technological background

Cyber risk transfer is fragmented across overlapping policies, exclusions and emerging protections.

getty

Cyber risk transfer used to be relatively straightforward: purchase insurance, review the limits and assume the organization had shifted a meaningful portion of its exposure. That assumption no longer holds. Today, cyber risk transfer is fragmented across overlapping policies, exclusions and emerging protections – many of which only apply if organizations can demonstrate how they responded during an incident.

For boards, that shift is significant. Cyber risk transfer is no longer just about coverage. It is about whether that coverage will hold up under testing, and whether the organization can prove it acted appropriately under pressure.

Cyber Risk Transfer Is No Longer a Single Policy

Steven Schwartz, co-founder & general partner, FireTower Risk Solutions

Steven Schwartz

A decade ago, cyber insurance was often treated as a comprehensive solution. Steven Schwartz, co-founder and general partner at FireTower Risk Solutions, explained how the market has shifted away from a single, all-encompassing policy. “Carriers priced for losses that they can model – extortion, business interruption and privacy notifications,” he said. “The losses that actually hurt companies, though, were outside that model.”

The shift has resulted in a layered system of cyber insurance, directors and officers (D&O) coverage and more targeted protections, each addressing different aspects of risk, but not always working together. “Where companies ultimately get hurt is when they have an event like a vendor breach where no single policy is designed to be first to respond, or a regulatory matter that's too small for cyber insurance but too niche for D&O insurance,” Schwartz said.

MORE FOR YOU

The exposure of individual executives, particularly chief information security officers, is a specific gap within that fragmentation. The criminal conviction of Uber CISO Joe Sullivan and the Security and Exchange Commission’s case against SolarWinds’ Tim Brown are increasingly shaping how security leaders evaluate their roles and responsibilities.

Where Cyber Risk Transfer Coverage Breaks Down

Fragmentation becomes most visible during an incident, when multiple policies are triggered and expectations collide with reality.

Schwartz explained how cyber insurance and D&O insurance interact. “A cyber incident can touch both: a cyber insurance response to a first-party loss and a D&O response when shareholders or regulators go after the directors. The interaction between the two gets messy.” Competing timelines, separate legal teams and expanding exclusions can create friction during incident response.

CEO & co-founder of BreachRx Andy Lunsford

Andy Lunsford

BreachRx CEO and co-founder Andy Lunsford reinforced that gap from a different angle, noting that even when organizations invest heavily in coverage, they often fail to meet the requirements for using it. In practice, incident response plans and insurance policies are often static documents that are not followed under real-world conditions.

The result is that coverage exists, but its effectiveness depends on how well organizations execute under pressure.

From Cyber Risk Transfer to Proof

The shift from coverage to proof is redefining cyber risk transfer.

“Coverage disputes are never about the event. They are about whether the insured can prove how they responded to it,” Schwartz said.

Lunsford described how expectations have evolved in response to regulatory scrutiny and now extend to decision-making across the organization. “You need to be able to show your work,” he said. “You need to have a system of record that says not just how the security team handled something, but how the business responded across all the stakeholders.”

“Security leaders will be judged less on whether an incident happened and more on how they prepared, how it escalated and what was communicated,” Sullivan added.

Together, these perspectives reinforce that protection is increasingly contingent on behavior and response during and after an incident.

Execution Under Pressure – And the Limits of Cyber Risk Transfer

If proof is the new standard for coverage, execution and documentation become the challenge.

Cybersecurity expert and former CISO of Uber Joe Sullivan

ANTHONY THORNTON PHOTOGRAPHY

In the early stages of an incident, teams often rely on a patchwork of communication channels. “The hardest thing to document is typically who was involved in a decision and what facts were known at the time,” Sullivan said. “Teams default to verbal updates, fragmented chats and ad hoc calls, which later create gaps in the story that regulators will assume are intentional.”

Renee Guttmann, former CISO at Royal Caribbean, Coca-Cola and Time Warner Inc., explained what happens when leaders respond to incidents in real time and under pressure. “The biggest gaps are often in the ‘obvious’ details that go undocumented: who identified the issue, who declared the incident, who was involved and when and whether delays or missteps increased impact,” she said. “These are exactly the questions regulators will ask – and the hardest to answer later,” after months or years have passed and documentation is incomplete.

Breakdowns are not limited to documentation. “Breakdowns most often occur at the intersection of security, legal, and the business when decision rights and ownership aren’t defined in advance,” Sullivan explained.

Lunsford added that even well-developed plans are often not followed in practice. “The reality is when you go into an actual incident, nobody is pulling out their insurance policy and incident response plan, and making sure they're following it to a T,” he said. That disconnect between plan and execution is where risk increasingly resides, and why BreachRx developed its cyber incident response management platform, which includes up to $3 million in coverage for legal fees, fines and other costs for incidents managed on the platform for individual executives in addition to corporations.

The Rise of Personal Exposure in Cyber Risk Transfer

As expectations shift, so does accountability. “The conversation has shifted from technical controls to personal accountability,” Sullivan said. He also noted that while many CISOs now seek explicit assurances that D&O insurance will cover them, they lack control over allocation, particularly if relationships with their employers deteriorate after an incident.

Renee Guttman, former CISO at Royal Caribbean, Coca-Cola and Time Warner Inc.

Renee Guttman

Guttmann observed similar concerns across the CISO community. “Personal liability remains very much top of mind,” with some leaders reconsidering whether to take on the CISO title at all, given the potential exposure highlighted by recent individual prosecutions.

Lunsford connected that trend back to structural gaps in coverage, noting that many of the lawsuits CISOs face are not clearly addressed by either cyber insurance or D&O policies.

Together, these perspectives highlight a growing misalignment between authority, accountability, and protection.

What Fragmented Cyber Risk Transfer Means for Boards

For boards, the implications extend beyond insurance purchasing decisions. “Boards own the response discipline,” Schwartz said. “Buying insurance is easy. Making it pay is the governance.”

He recommends that directors ask, “When was the last time that we tested our policy language against our incident response plan and program, and show me the delta?” That question reflects a broader shift in oversight. Boards must now understand not only what coverage exists, but how it interacts with incident response processes in practice.

Lunsford emphasized that relying on static plans and policies is not sufficient. Organizations must be able to execute consistently and at scale, particularly as the volume and complexity of incidents increase.

From a CISO perspective, that execution depends on clear decision rights and alignment across stakeholders. Without that alignment, incidents can quickly devolve into disjointed responses that undermine both operational outcomes and legal defensibility.

A Different Standard for Cyber Oversight

The underlying change is structural. Cyber risk transfer is no longer defined by policies alone, but by how organizations operate under pressure and how well they can demonstrate that performance, sometimes months or years later.

For boards, that means shifting oversight from insurance coverage to capability. The board must be able to confirm not just that protection exists, but that the organization can demonstrate in detail how it can respond when tested.

Did you enjoy this story on cyber risk transfer? Don’t miss my next one: use the blue “follow” button at the top of the article near my byline to follow my work, and check out my other columns here.