Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceCybersecurity News

How hybrid work environments impact cybersecurity insurance coverage

By Nate Smolenski
hybrid work
November 1, 2022

Organizations seeking cyber insurance coverage are typically required by their insurer to provide evidence of a panoply of controls around information security, disaster recovery, and related risk and technology requirements and best practices. 

When organizational data resides only on-premises, documenting, evaluating and maintaining these controls have their challenges but are fairly straightforward for the IT, security and business teams responsible for them. They may need to install certain types of locks on data center doors, add cameras for monitoring foot traffic, and implement specific protocols limiting who can access what information. Within highly regulated industries, insurance carriers’ requirements often track closely with regulatory compliance. 

However, COVID-19 threw a monkey wrench into cybersecurity insurance and cyber risk management for many organizations. When a substantial proportion of the workforce began working remotely, the appropriate security control structure became less clear-cut. The challenge was exacerbated by the simultaneous increase in corporate use of Software as a Service (SaaS) solutions. 

Today, perhaps the only thing more challenging than building an effective control structure is producing evidence that the structure is effectively protecting corporate applications, data and users.

Now, corporate cybersecurity managers need to focus on understanding how their controls should be structured post-COVID, as well as how they can demonstrate those controls to internal and external auditors, as well as their insurers.

What exactly changed? 

The pandemic inspired a migration of workforces around the world. Employees are still doing the same jobs they used to do in the office, but many are doing so from home or other remote locations. 

It’s now much harder for traditional perimeter security methods to be effective in this hybrid environment. Even if the security team had the bandwidth to travel to each employee’s residence, installing security cameras and deadbolts on home office doors would not make sense. Nor is it feasible for a third-party auditor to travel to each disparate location to validate that the employee’s security environment is up to snuff.

Similar challenges certainly arose before COVID-19 existed. Some people traveled for their jobs, while others needed to occasionally take work home at night. Security teams required those types of remote workers to connect to the corporate network via a virtual private network (VPN). Auditors might ask how the company was protecting those connections, but when the company needed to prove that its most crucial controls were working, remote employees were typically the exception rather than the rule.

Hybrid work and cloud transformation flipped that equation on its head. The importance and effectiveness of perimeter-based controls and related security technologies has unraveled. Having to connect to the corporate network before using a SaaS application or browsing the internet can be tedious and may come with poor user experience. 

During the pandemic, some organizations made risky technology decisions for remote access by allowing the bypass of overwhelmed and oversubscribed remote access solutions that increased their attack surfaces. This combined with the increase of personal time spent on devices meant that the attack surface also now extended to often trusted services like Office 365, Google Suite and a host of other tools that employees use in both their professional and personal lives. This left gaps in many security technology strategies where traditional capabilities lack the ability to determine the difference between a corporate instance of Office 365 and a personal instance used at home. As a result of this quickly changing business operating environment and hybrid work landscape, cyber insurance providers’ control requirements have only intensified as the frequency of attacks and resulting losses from security incidents continue to mount.

What are insurers’ expectations?

When an organization seeks a cyber insurance policy, the insurer is naturally going to want information about the prospective business, operating environment, cybersecurity program, and related controls. This information is typically captured through the primary application process, supplemental coverage application, and the overall assessment methodology required to support underwriting the risk. The often paper-based process of explaining controls, providing an overview of the cybersecurity/risk management program and providing supporting documentation is a common place to start — but more and more the insurer also is expecting to see proof. 

Producing evidence may often be supported by attestations derived from external audits, assessments and penetration tests. However, any audit or assessment outcome is a snapshot in time and reflective of the efficacy and operating state of controls during a static time period and thus does not reflect the ebbs and flows of how an organization’s attack surface can quickly change. More and more, insurance companies are moving towards opportunities for continuously monitoring their insureds for changes to highlight emerging risks and vulnerabilities that could indicate, and better predicate, situations that may result in a claim. 

What does this mean for both the policyholder and the insurance company? 

The reality is, there is opportunity for both sides to gain insights from continuous visibility. The challenge is that with hybrid work and the impacts of continued digital transformation in business, it is crucial to look beyond just the inventory of users, identities, devices, applications and data that can be abstracted from the traditional data center operating environment. It is now critical to fully understand those key data points along with the inventory of cloud services in use: those that are sanctioned by IT; those being driven by business units (shadow IT); and those more personal services that are introduced everyday by end-users. 

While the inventory is a starting point, it is also important to understand who is accessing those services and how are they configured, as well as how much data is being sent to the services in question are all key elements that can quickly change a risk profile of an insured and often goes unchecked. Lastly, there is a need to evaluate the aforementioned cloud services from a supply chain risk and threat perspective and be able to answer questions about the organization’s cloud security posture.  

The industry is certainly seeing more insurers integrate actuarial science, cybersecurity attack surface evaluation, controls and threat monitoring; basing pricing on telemetry-driven predictions of which users are most likely to experience a data breach or other security incident that leads to a claim. Regardless of whether, or when, that fully comes to pass, security teams that are transforming their environments and modernizing their architectures have the capabilities and data needed to understand their cyber risks and ultimately provide proof that they are effectively managing the risk that they wish to transfer.

KEYWORDS: COVID-19 cyber insurance cyber risk management cyber security awareness hybrid workforce insurance trends

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Nate Smolenski is Head of Cyber Intelligence Strategy for Netskope. He is an experienced CISO and risk management and technology leader with more than 19 years of experience across financial services, management consulting, insurance and software industry verticals.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cybersecurity-blog

    Protecting endpoints in the age of hybrid work environments

    See More
  • work from home

    How to mitigate employee risk in remote work environments

    See More
  • remote workforce

    A people-centric approach to hybrid work cybersecurity

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • school security.jpg

    School Security: How to Build and Strengthen a School Safety Program

See More Products

Events

View AllSubmit An Event
  • September 3, 2024

    From DDoS Protection to WAAP: How Layered Protection Enhances Your Cybersecurity Strategy

    ON DEMAND: By participating in the webinar, attendees will gain enhanced knowledge of cyber threats and understand the current spectrum of cyber threats facing businesses.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!