vCISO & General Counsel: Working Together

With cyber threats rising at an astonishing pace, more organizations are turning to cyber insurance. While a cyber risk policy does not stop breaches from occurring, it does help offset costs in case of an incident. 

However, getting and keeping a policy in place requires organizations to maintain a strong cyber security posture. Without one, an organization risks being unable to obtain a policy or having a claim denied.

When it comes to obtaining – and more importantly, retaining – cyber insurance, hiring a vCISO is one of the most valuable investments an organization can make.

Added to a repertoire for keeping networks and data safe, a vCISO is an active part of a strategy to head off potential threats and reduce their impact on an organization. 


What is a vCISO?

A virtual chief information security officer (vCISO) is an on-demand data security and privacy service provider who works for an organization remotely. A vCISO’s role is to help build, improve, and maintain a robust and reliable cyber- and data-security infrastructure. 

A virtual CISO engagement typically includes cyber advisory services that work in tandem with an organization’s internal team. Experienced specialists can augment your existing team’s skillset while providing cybersecurity consulting services to help keep your assets secure.


While a vCISO handles cyber and data security, a virtual chief data officer (vCDO) oversees how an organization manages and maintains data. Much of the vCDO role focuses on compliance, optimization, and leveraging data to improve results.


vCISOs & General Counsel: 5 Strategies to Work Together Effectively

While a vCISO and general counsel (GC) fill two distinctly different roles in an organization, their work goes hand-in-hand – especially when it comes to maintaining cyber insurance coverage. 

At their core, both the vCISO and GC share a common goal – protecting an organization. To maximize a working relationship, a GC and vCISO should:

  1. Communicate
  2. Set defined expectations
  3. Understand the threat landscape
  4. Be familiar with the regulatory & compliance landscape
  5. Practice incident response readiness


1. Communicate

Communication is crucial in any relationship. GCs and vCISOs must be on the same page when it comes to assessing and mitigating risk. Neither party should be bashful about speaking up – sometimes hard conversations are the best, as they keep an organization proactive in staving off cyber threats.


2. Set Defined Expectations

One of the most dangerous things an organization can do is engage outside resources without a clear picture of the intended outcomes of the engagement. Having the goals and deliverables clearly defined from the start of a relationship helps alleviate concerns or misunderstandings in the future. In addition, having expectations literally spelled out creates a means for accountability.

3. Understand the Threat Landscape

Cyber risks are higher than ever. Encrypted threats, ransomware, jackware, breach attempts, and nearly every other form of cyber-attack rose by double or triple digits in 2021. Cybercriminals continue to evolve their tactics.

A vCISO and GC should have regular conversations about where they see threats coming from and discuss ways to address them.


4. Be Familiar With the Compliance Landscape

Next to security, meeting compliance regulations and laws is the most important thing for data management and network security. Without having a grasp of the latest compliance laws and regulations, it becomes nearly impossible to develop programs that keep an organization secure and in compliance. Non-compliance is very costly to an organization, often meaning fines and penalties beyond the five-figure mark. 


5. Practice Incident Response Readiness

The only thing worse than a cybersecurity or data privacy breach happening is not being ready to respond immediately. If an organization cannot respond quickly, the damage and fallout from an incursion are far greater.

Organizations need to have a formal cyber incident response (IR) plan in place and test it regularly. Practicing a simulated response to incidents allows both a GC and vCISO to evaluate the effectiveness of the plan and make refinements.


A Working Relationship for Cyber Insurance

By setting and maintaining parameters for a working relationship, a vCISO and GC will have a much easier time obtaining and retaining cyber insurance.

We have all seen those commercials about getting a quote for home or auto insurance in a few minutes or less. Cyber insurance does not work that way. Before obtaining a policy, cyber insurers take a deep dive into an organization’s existing cyber security and data privacy measures – usually in the form of a lengthy questionnaire.

A vCISO’s services are invaluable when it comes to successfully completing an insurer’s questionnaire. Not only will a vCISO be fluent in the language and know what insurers are looking for, but they will also identify material weaknesses or gaps. This lets organizations resolve the security issues that might prevent them from obtaining cyber risk insurance.

After a policy is obtained, a vCISO’s work is far from over. A vCISO can help maintain and upgrade cyber defenses and data privacy policies as threats evolve to ensure your assets are protected and you stay in compliance with the terms of your cyber insurance.

In a worst-case scenario where a breach occurs, a vCISO is also there to assist in the mitigation and recovery process.

Ultimately, the vCISO’s presence and work help an organization protect not only itself and its sensitive data, but also its finances from hefty premium increases, denied claims, or loss of coverage.

Optimize Applying for & Keeping Cyber Insurance

Download our free e-book, “A Compendium for Obtaining & Retaining Cyber Insurance.”


vCISOs: An Investment for Peace of Mind 

Though the costs to implement and maintain effective and adaptive cybersecurity and data privacy protections are indeed an expense, the financial impact of being without both is far greater to an organization.

With a vCISO’s services, an organization can rest easier knowing there’s another layer to its cyber defenses and data security efforts, as well as to its efforts to meet cyber insurance requirements.

Add Our Team to Yours

Talk to one of our experts today about our vCISO services
