Coalition, a cyber insurance provider, criticizes competitors' use of exclusion clauses that deny claims for unpatched vulnerabilities. It advocates a risk-based approach to patch management and highlights the complexities of vulnerability management in modern cybersecurity.
Key points
- Coalition criticizes certain cyber insurers for excluding claims related to unpatched vulnerabilities.
- Some policies exclude losses from CVEs with high severity scores if not patched within a set time frame.
- Vulnerability management is complex, making strict exclusion policies problematic for businesses.
- Chubb offers a grace period policy for patching CVEs, sharing risk with policyholders after deadlines.
- Coalition promotes a risk-based approach, focusing on high-impact vulnerabilities and rewarding good security hygiene.
Read More: https://thecyberexpress.com/cyber-insurers-unpatched-vulnerabilities/