Once every so often, there comes a time when it can be said that “the writing is on the wall.” Those times are invariably followed by a day on which the multitudes declare that “we should have seen this coming.”
“… insurers are failing to identify high-risk clients, because they are not undertaking sufficiently rigorous security evaluations before writing cyber policies …”
That time is now.
When I write on the topic, I like to assume that the audience is not a panel of experts – that they are not cybersecurity professionals, privacy lawyers, or seasoned hackers. I’m safe in that assumption. The truth is, the vast majority of the computer literate population in this country rarely changes their passwords. And that, in their world, is the final line of defense. Those anointed few who would qualify for the panel are in an alarming state of disarray – often at odds with each other – regarding rules, thresholds, and best practices regarding network security and privacy.
So you see, when I make a conjecture like, “cybersecurity is dangerously misunderstood,” I’m actually saying two things: 1) that what we know of the field is fragmented and the source of much disagreement, and 2) that a vast majority of the stakeholders in this equation receive a vanishingly small amount of education, skimmed from the headlines covering what amounts to a very large disagreement.
Because of this, we find ourselves operating within a system that is riddled with gaps and inconsistencies. Nobody will be surprised to learn that those gaps and inconsistencies represent opportunity – both for improvement, and for malice. Unfortunately, as we are in the early days, the churn of tools that are marketed with the purest of intentions has contributed to those gaps. As a result, we must also accept that even those who come in peace may in fact be unwitting agents of malice.
Into this environment, insurance companies are tumbling over one another, keen to ride the 2x growth wave of cyber liability policies.
And so you see why there may be cause for concern.