How Cyber Insurance Drives DevSecOpsFebruary 9, 2022 Tweet
The costs and impacts of the SolarWinds breach were a wakeup call for third-party software vendors and their insurers. By the end of 2021, SolarWinds had spent more than $40 million on response and repairs, according to an end of year analysis by Cybersecurity Dive. Insurers are aware that third-party software is being targeted, which is driving up insurance rates, says Rob Beeler, CTO and cofounder of Trava Security.
Development organizations need cyber-insurance as much as if not more so than other organizations because, like in the SolarWinds case, their costs could quickly spiral out of control if they get sued by their upstream partners and buyers. Their policies will need to include errors and omissions clauses in case of lawsuits.
The key to keeping rates down is by shifting left, says Beeler. In this webcast, he shares how cyber-insurance is driving more rigorous risk assessments that will ultimately lead more secure development environments and improved code quality. What would really be helpful is if cyber-insurance assessment findings could align with software bills of materials (SBOMs).Additional Resources:
- The rising costs of cyber insurance: https://securityweekly.com/author/deb/
- Read more about GrammaTech’s Software Supply Chain Security Platform here: https://www.grammatech.com/codesentry-sca