Episodes

  • Your Cyber Incident Response Plan Won't Save You - Practice Will
    Apr 30 2026

    99% of organizations have a cyber incident response plan. 73% admit it wouldn't hold up under real pressure. So what's the gap, and how do you close it?


    Martin Hinton speaks with Matt Mosley, Incident Response Manager at Sygnia, about what actually happens when ransomware hits on a Friday night, why legal delays cost companies millions, and why AI in incident response needs a human hand on the wheel.


    For cyber insurers and underwriters, this episode is essential. A weak cyber incident response plan is not just an operational problem; it is a claims problem. Backup gaps, undefined decision authority, and untested IR playbooks all drive longer recovery timelines and higher loss ratios. Mosley identifies exactly what underwriters should ask at renewal and which answers should raise flags.


    RESOURCES

    Sygnia


    Find Matt on LinkedIn


    Most CISOs Admit They Are Not Ready For The Next Big Cyberattack


    State CISOs Sound The Alarm: What The 2026 NASCIO-Deloitte Study Means For Government Cyber Risk Insurance


    Alibaba's AI Agent Mined Crypto Without Permission. Now What? (Forbes)

    There's a New Phishing Scam: Fake Invitations (New York Times)


    CHAPTERS

    00:00 Understanding Incident Response Preparedness

    02:53 The Role of Sygnia in Incident Response

    04:13 The Dynamics of Incident Response

    08:26 The Human Element in Incident Response

    11:54 The Disconnect in Perceived Readiness

    14:50 Practicing Incident Response Plans

    16:58 Identifying Gaps in Incident Response

    18:04 The Cost of Delayed Decision-Making

    19:16 Dealing with Hubris in Leadership

    21:24 The Complexity of Incident Response Plans

    23:29 First Steps in Incident Response

    25:24 Involving Key Stakeholders

    28:00 Preparing for the Unimaginable

    31:38 The Mainstreaming of Cybersecurity Awareness

    34:46 The Evolving Landscape of Cyber Insurance

    35:22 Visibility Gaps in Hybrid Environments

    38:16 The Role of the CISO in Crisis Management

    41:45 Communicating Cybersecurity Needs to the Board

    45:28 The Impact of AI on Cybersecurity

    52:34 Best Practices for Incident Response

    56:38 Final Thoughts on Cybersecurity Preparedness


    ABOUT CYBER INSURANCE NEWS


    Cyber Insurance News and Information is the go-to source for underwriters, brokers, CISOs, and senior executives navigating the cyber insurance market. Published and hosted by Martin Hinton, a journalist with 30 years of experience covering just about everything.


    Website: https://cyberinsurancenews.org

    59 min
  • Cyber Insurance Blind Spots: Why 85% Of Attacks Never Go Public
    Apr 23 2026

    Most companies think they understand their cyber risk. They filled out the questionnaire. They renewed the policy. They checked the box.


    According to cyber insurance experts Ralph Pasquariello and Craig Sekowski of CYBERRISKIQ, that confidence is one of the most dangerous blind spots in corporate America today.


    In this episode of the Cyber Insurance News and Information Podcast, Ralph and Craig return as guests to discuss the cyber insurance gaps that leave organizations exposed precisely when they think they are protected.


    WHAT WE COVER:


    - Why less than 15% of successful cyber attacks ever become public and what that means for how companies assess their own risk.

    - The 200-day average dwell time attackers spend inside corporate networks before detection.

    - How AI is being used on both sides of the cyber fight and why your current policy may not cover an AI-enabled attack.

    - Why renewing your cyber insurance policy annually without review is leaving companies dangerously exposed.

    - Third-party damages, class action exposure, and why sublimits matter more than most CFOs realize.

    - CYBERRISKIQ's induction into the Society of Risk Management Consultants and what it signals about cyber's growing role in enterprise risk management.

    - Why the current flat pricing market is an ideal window to add coverage layers without doubling premiums.


    ABOUT THE GUESTS:


    Ralph Pasquariello and Craig Sekowski are the founders of CYBERRISKIQ, a cyber insurance and cybersecurity advisory firm. They work with corporations, brokers, and risk managers to identify coverage gaps, assess cyber posture, and align insurance limits with real-world exposure. They are members of the Society of Risk Management Consultants.


    ABOUT THE HOST:


    Martin Hinton is the Executive Editor and Publisher of Cyber Insurance News. With over 30 years of journalism experience across six continents, he covers the cyber insurance market for underwriters, brokers, CISOs, and risk managers.


    READ THE FULL ARTICLE:

    cyberinsurancenews.org/cyber-insurance-blind-spots-cyber-risk-iq


    The Society of Risk Management Consultants (SRMC)

    CYBERRISKIQ

    Craig Sekowski

    Ralph Pasquariello, CLCS



    Chapters

    00:00 Introduction to Cyber Insurance Awareness.


    01:10 The Impact of AI on Cybersecurity.


    02:44 The Growing Importance of Cyber Insurance.


    06:13 Understanding the Hidden Cyber Threats.


    07:56 The Role of Risk Management Consultants.


    10:06 Bridging the Gap Between IT and Insurance.


    11:58 The Importance of Reading Cyber Insurance Policies.


    14:05 The Real Costs of Cyber Breaches.


    18:12 The Long-Term Implications of Cyber Incidents.


    20:49 Understanding Cyber Insurance and Its Importance.


    21:55 The Value of Data in Cybersecurity.


    23:24 Identifying Vulnerabilities in Data Management.


    24:49 The Evolution of Data Breach Insurance.


    27:38 The Reality of Cyber Attacks.


    30:02 Raising Awareness in Cybersecurity.


    31:55 Current Trends in Cyber Insurance Pricing.


    35:06 Improving Insurability Through Cybersecurity Practices.


    38:32 The Human Element in Cybersecurity Challenges



    SUBSCRIBE for weekly coverage of the cyber insurance market from the source professionals trust.

    41 min
  • Cyber Insurance Policy: Why Proof Now Beats Questionnaires
    Apr 19 2026

    Is your cyber insurance policy built on what your company says it does, or what it can prove?


    In this episode, I speak with Tristan Morris, CEO and co-founder of SplitSecure, and Dylan Hamilton, business development lead, about why the shift from static questionnaires to verifiable controls is reshaping cyber underwriting in 2025 and beyond.


    We cover credential theft, privileged access, vendor risk, and why 91% of cyber insurance payouts in 2025 were ransomware-related, even though ransomware represents less than 10% of claims by volume.


    If you are an underwriter, broker, CISO, CFO, or general counsel, this episode has direct implications for how you buy, write, and manage cyber risk.


    In this episode:

    Why questionnaires capture a snapshot, not the truth.

    How attackers exploit MFA exceptions.

    The three ways MFA gets bypassed in practice.

    What verifiable proof of credential discipline looks like.

    Why privileged access is the single biggest underwriting differentiator.

    The vendor access question every underwriter should be asking.


    Resources mentioned:


    SplitSecure

    Verizon Data Breach Report 2025

    IBM Data Breach Report 2025

    Delinea Cybersecurity Report 2025


    Connect with the guests:

    Tristan Morris on LinkedIn

    Dylan Hamilton on LinkedIn


    Chapters


    00:00 The Evolving Landscape of Cyber Insurance

    09:22 Understanding the Role of MFA and PAM

    14:59 The Financial Impact of Cyber Attacks

    21:41 Navigating Credential Management Challenges

    25:08 The Future of Cybersecurity Practices

    35:29 The Evolution of Cyber Insurance Regulations

    38:00 Challenges in Rewarding Best Practices

    40:28 The Gray Area of Negligence in Cyber Insurance

    44:53 Vendor Risks and Third-Party Access

    50:34 The Human Element in Cybersecurity

    54:31 Future Trends in Cyber Insurance

    59:33 Final Thoughts and Quickfire Questions

    1 h 13 min
  • Small Business Cyber Insurance: What Every Owner Needs To Know
    Apr 2 2026
    What should small business owners know about small business cyber insurance before a cyberattack hits? In this episode of the Cyber Insurance News and Information Podcast, Martin Hinton speaks with Kyle Jude of Veracity Insurance Solutions about phishing, social engineering, MFA, hidden breach costs, and the real-world value of cyber liability insurance.

    This conversation breaks down how cyberattacks often begin with ordinary emails, texts, and urgent requests. It explains why small business cybersecurity now matters to every company, not just major corporations. Kyle also discusses layered defenses, password hygiene, backups, payment verification, policy exclusions, sublimits, and the growing role of AI in cybercrime.

    If you run a business, this episode is a practical primer on small business cyber insurance, small business cybersecurity, phishing, social engineering, MFA, cyber liability insurance, and the hidden costs of cyberattacks.

    Topics include:

    • Small business cyber insurance
    • Small business cybersecurity
    • Phishing and social engineering
    • MFA and password security
    • Cyber liability insurance
    • Hidden costs of cyberattacks
    • Backups and data redundancy
    • Cyber risk for business owners

    Find Kyle here

    Veracity Insurance

    Kyle's Oped - The Hidden Costs of Cyberattacks on Small Businesses

    Chapters

    00:00 Understanding Cybersecurity Threats for Small Businesses

    11:13 The Hidden Costs of Cyber Attacks

    13:59 Real-Life Examples of Cyber Breaches

    20:44 The Challenge of Prevention in a Fast-Paced World

    29:25 The Importance of Education and Awareness in Cybersecurity

    33:47 The Importance of Regular Communication with Clients

    34:41 Understanding Cyber Insurance Coverage

    36:33 The Need for Diligence in Insurance Policies

    38:22 Converting New Clients to Cyber Insurance

    39:45 Assessing Business Losses and Insurance Value

    40:49 Real-World Examples of Cyber Attacks

    43:09 The Necessity of Data Redundancy

    46:02 Demystifying Cyber Insurance

    47:53 The Evolving Landscape of Cyber Threats

    51:04 The Personal Side of Cyber Security

    53:13 Creating a Family Cyber Protection Plan

    56:45 Minimum Viable Defense Strategies

    59:00 Common Mistakes by Small Business Owners

    01:00:25 Immediate Actions for Small Business Owners

    01:01:36 Future Trends in Cyber Threats

    01:02:29 Final Thoughts on Cyber Protection
    1 h 5 min
  • Cyber Risk Management: IT Problem, Leadership Problem, or Something Bigger?
    Mar 19 2026

    Cyber risk management is no longer just an IT issue. It is a leadership challenge that affects every part of an organization.


    In this episode of the Cyber Insurance News and Information Podcast, host Martin Hinton speaks with Max Martina, president of Cambridge Leadership Associates, about why cyber risk is an adaptive problem, not just a technical one.


    They explore the evolving role of the CISO, the leadership failures behind cyber incidents, and how organizational silos, culture, and governance shape real-world outcomes. The conversation also covers cyber resilience, crisis response, coalition building, and the growing impact of AI on cybersecurity.


    If you work in cyber insurance, cybersecurity, enterprise risk, or executive leadership, this episode offers practical insights into how organizations can better manage cyber risk in a rapidly changing environment.


    • Cyber risk as an adaptive problem

    • Leadership and cybersecurity decision-making

    • The evolving role of the CISO

    • Cyber resilience vs readiness

    • Organizational silos and governance challenges

    • Psychological safety and cybersecurity culture

    • AI and the future of cyber risk


    VUCA Framework


    Chapters


    00:00 Understanding Cyber Risk as an Adaptive Challenge

    02:37 The Role of Leadership in Cybersecurity

    05:47 Organizational Structures and Cyber Risk

    08:58 The CISO's Position and Responsibilities

    11:41 Building Coalitions for Cyber Resilience

    14:38 The Importance of Psychological Safety

    17:49 Navigating Leadership Challenges

    20:37 Resilience vs. Readiness in Cybersecurity

    24:00 Learning from Cyber Incidents

    26:40 The Impact of Organizational Culture on Cybersecurity

    29:33 Case Studies in Cybersecurity Governance

    32:36 The CEO's Role in Cybersecurity

    35:42 The Human Element in Cybersecurity

    44:48 Collaboration Among CISOs

    48:47 The Psychological Barriers to Cybersecurity

    50:56 The Role of AI in Cybersecurity

    55:40 The Cost Center Mentality in Cybersecurity

    01:00:45 Understanding the Repeated Failures in Cybersecurity

    01:05:42 The Need for Adaptive Leadership in Cybersecurity

    01:09:49 The Future of Cybersecurity Leadership


    1 h 16 min
  • Cyber Insurance Underwriting Is Changing - Are You Ready?
    Mar 12 2026

    Cyber insurance underwriting is evolving as insurers move beyond static questionnaires toward verifiable risk data.


    In this episode of the Cyber Insurance News and Information Podcast, Martin Hinton speaks with Jessica Newman, Global GM of Cyber Insurance at Sophos, about how MDR telemetry and continuous evidence collection are changing how insurers evaluate cyber risk.


    For years, cyber insurance underwriting relied on self-reported questionnaires and limited visibility into a company’s security posture. Today, insurers increasingly want proof that cybersecurity controls are deployed, configured properly, and actively monitored.


    Jessica explains how Managed Detection and Response (MDR) and telemetry-based insights give underwriters stronger signals about real-world cyber risk.


    The conversation explores how these developments may shape the future of cyber insurance underwriting, risk assessment, and policy pricing.


    Topics covered include:


    • The shift from cyber insurance questionnaires to verifiable risk data

    • Why MDR telemetry is becoming important for underwriting decisions

    • The future of continuous underwriting and evidence-based risk assessment

    • How cyber insurance has evolved over the past decade

    • The role brokers, carriers, and buyers play in cyber insurance

    • AI’s emerging influence on cybersecurity and insurance markets

    • What small and medium businesses should understand about cyber risk today

    Jessica also shares her unusual journey from high school principal to cybersecurity executive, and why communication and education remain essential in cybersecurity leadership.


    This episode is ideal for cyber insurers, brokers, underwriters, cybersecurity leaders, MSPs, MSSPs, and business owners who want to understand where cyber insurance underwriting is headed.


    Our reporting on the Spektrum Labs Sophos deal.

    Chapters

    00:00 From Education to Cyber Insurance: A Unique Journey

    02:59 Understanding Sophos: A Leader in Cybersecurity

    04:23 Spektrum Labs Partnership: Revolutionizing Cyber Insurance

    07:39 The Importance of Proving Cybersecurity Measures

    10:18 Evolution of Cyber Insurance: Changes Over the Years

    14:03 Bridging the Gap: Brokers, Buyers, and Carriers

    16:10 MDR Telemetry: The Key to Risk Assessment

    18:55 The Insurability Factor: Enhancing Cyber Insurance Options

    20:36 Shifting Standards: The Future of Cyber Insurance Underwriting

    22:15 Current State of Cyber Insurance: Mile 10 of the Marathon

    25:26 Continuous Underwriting: The Future of Cyber Insurance

    28:36 Data-Driven Risk Assessment: The Future of Pricing

    30:55 The Evolution of Cyber Insurance and Data Sharing

    37:18 The Role of AI in Cybersecurity

    44:54 Navigating Cybersecurity for Small and Medium Businesses

    53:05 Future Trends in Cyber Insurance and Underwriting


    1 h 1 min
  • Data Governance and Cyber Insurance: The Hidden Risk of Data Sprawl
    Mar 5 2026

    Data governance is becoming one of the most important controls in cybersecurity and cyber insurance risk management.


    In this episode of the Cyber Insurance News and Information Podcast, host Martin Hinton speaks with Josh Mason, CTO of RecordPoint, about how poor data governance and uncontrolled data sprawl dramatically increase the cost and severity of cyber breaches.


    Many organizations focus on preventing intrusions, but the real risk often lies in what attackers find once they get inside.


    Years of duplicated files, legacy data systems, poorly managed permissions, and forgotten records can expand the breach “blast radius,” creating major legal, regulatory, and insurance exposure.


    Josh explains how data governance frameworks, defensible deletion, and AI-assisted data classification can help organizations reduce cyber risk while improving their standing with cyber insurers and regulators.


    The conversation also explores the growing role of AI in data management, the risks of shadow AI and third-party tools, and why insurers increasingly demand proof that governance policies are actually enforced, not just written down.


    In this episode, you will learn:


    • Why data governance is critical to cyber resilience.
    • How data sprawl increases breach severity and insurance costs.
    • What defensible deletion means and why it matters.
    • How AI can both improve and complicate data governance.
    • What cyber insurers and underwriters look for when assessing data risk.
    • Practical steps organizations can take today to reduce liability.


    This episode is essential listening for risk managers, CISOs, cyber insurers, compliance leaders, and executives looking to strengthen cybersecurity strategy and reduce cyber exposure.


    Chapters:


    00:00 Understanding Cybersecurity Breaches

    04:48 The Importance of Data Governance

    09:53 Defining Data Governance

    12:38 The Impact of Data Sprawl

    18:51 Immediate Steps to Mitigate Risks

    22:49 The Role of AI in Data Management

    30:38 Underwriting in the Age of AI

    37:44 Data Governance and Defensible Deletion

    40:26 Systemic Risks in Data Management

    44:28 Legacy Systems and Their Challenges

    49:06 Practical Steps for Data Management

    54:40 The Importance of Data Education

    01:00:11 Continuous Training and Cyber Resilience

    01:02:43 Key Metrics for Data Security

    01:08:39 Learning from Past Breaches


    1 h 15 min
  • AI Risk Is Identity Risk: Securing Humans, Bots, And Everything Between
    Feb 27 2026

    AI risk is now identity risk. In this episode of the Cyber Insurance News and Information Podcast, host Martin Hinton sits down with Chris Kelly, President of Delinea, to unpack why identity has become the security “control plane” and why that matters when AI agents, service accounts, and automation behave like real users.
    They dig into the explosion of non-human identities, what “cloud native” security changes about resilience and uptime, and the practical guardrails organizations need when AI systems can act at machine speed.

    The conversation stays grounded in real-world controls that security teams and underwriters care about, including vaulting privileged credentials, enforcing MFA for privileged access, and session recording.
    If you’re trying to connect AI risk to operational reality and to cyber insurance expectations, this episode gives you a clear map, with fewer buzzwords and acronyms, and more “do this next.”

    Chapters

    00:00 Introduction and Guest Introduction

    01:07 The Big Headline: AI and Identity Risks

    02:25 AI Pervasiveness and Real-World Examples

    04:09 Delinea's Approach to Identity Security

    05:38 Customer Challenges in Identity Management

    08:28 Chris Kelly's Career Journey in Cybersecurity

    11:10 Evolving Awareness of Cybersecurity at the Executive Level

    13:38 The Shift to Identity as a Critical Security Focus

    15:11 The Need for a Dedicated Cybersecurity Division

    16:28 The Rise of Cloud Native Security Solutions

    22:34 Benefits of Cloud Native Architecture

    26:06 Resiliency and Continuous Operations in Cloud Security

    29:51 AI Strategies in Cybersecurity: Three-Pronged Approach

    32:15 AI for Session Recording and Threat Detection

    36:04 Security for AI: Protecting Autonomous Agents

    41:21 Real-World Example: AI and Flight Booking Scam

    44:02 The Growing Threat of Non-Human Identities

    46:59 The Coming Trust Collapse and Identity Verification

    49:32 AI's Impact on Small and Medium Businesses

    55:29 Cyber Insurance and Controls for SMBs

    01:00:46 Final Thoughts and Key Takeaways

    1 h 13 min