The definition of “security” is “freedom from danger,” while the risk is defined as “exposure to the chance of injury or loss.” So, though in many instances, security and risk are used interchangeably, they are, in fact, complementary. The mission of security is to reduce risk, which brings up inevitable questions: How much security is enough? Will this incremental investment reduce risk? What are the tradeoffs?
In today’s world of constantly morphing malware and weaponized cyber attacks, no organization is totally secure and hence no organization is risk-free. In fact, striking a balance between security and risk has never been more difficult.
But, help is on the way. Marsh, the world’s leading insurance broker and risk adviser, and eight leading cyber insurance underwriters have joined together to help organizations invest in security solutions that will reduce risk. Through a ground-breaking program called Cyber Catalyst by Marsh, organizations will receive greater clarity and confidence in choosing cybersecurity solutions that can have a meaningful impact on cyber risk. Cybersecurity products and services viewed as effective in reducing cyber risk will be designated as “Cyber CatalystSM” and organizations that adopt Cyber Catalyst-designated solutions may qualify for enhanced terms and conditions on cyber insurance policies from participating insurers.
The program evaluated over 150 security solutions against the following criteria before naming 17 industry-leading security solutions as Cyber Catalyst designees:
- Verifiable and measurable reduction in cyber risk
- Successful implementations
- Applicability across a broad range of customers
- Differentiated features and characteristics
Beyond the obvious insurance benefit, the program is important for several reasons. First, it ties security and risk together so that business impact is introduced into what are typically technical security decisions. Second, this is done by insurance companies whose business it is to understand the monetary impact of risk—how to identify it, manage it and mitigate it. Third, organizations can now add cyber insurance to the “people, process and technology” triad that dominates today’s security discussion.
Marsh just announced the first group of recipients of the Cyber Catalyst certification today. The products went through a thorough multi-stage evaluation process and represent a broad swath of security solutions. Organizations from small offices to F500 enterprises can now tune their security technology decisions to the risk they address.
We at HPE have been fortunate that both of our submitted products - the HPE-exclusive silicon root of trust that protects the firmware in every HPE server, and the Aruba Policy Enforcement Firewall have been designated Cyber Catalyst solutions. Given the ubiquity of the Policy Enforcement Firewall and its integration with ClearPass Policy Manager in protecting network connectivity and IT access and the millions of HPE servers that feature silicon root of trust, HPE customers and partners can now avail themselves to Cyber Catalyst-designated solutions from the edge to the cloud.
With the health of the business tied inextricably to the health of IT, the Cyber Catalyst program will help business executives from the corner shop to the corporate board room reach intelligent decisions about where they should make their security investments across people, process, technology and now, insurance.
Learn More
Aruba Policy Enforcement Firewall
Check out the Tech Fugitives interview with Larry Lunetta where they get their #cybersecurity on and dish on how Dunkin Donuts got themselves into hot coffee.
