Lies. Damn Lies. Cyber Statistics.
2 Billion hacking attempts were detected at the Athens Olympics in 2004.
60% were “password denied” errors.
Ever mistyped a password?
You're a hacker now!?
Cyber Insurance: Risk Transfer. Not Abdicating Responsibility.
Shortly after I started managing my first team, I was handed One Minute Manager Meets the Monkey.
A classic about when a person goes to their manager with a problem. The manager agrees to do something about it, and the monkey jumps off their back and onto the manager's. If the manager doesn't find a solution, they become weighed down by the monkeys on their back.
I spent hours thinking about this as a new manager. Picking and choosing what to take on - and most importantly, what to refuse.
Last week, this memory popped into my head as I watched an insurance underwriter decide if they would take on a risk - or refuse.
Years of shopping for car insurance create a false impression. Insurance isn't off-the-peg. It doesn't just happen. Dig through the layers, and there'll be an underwriter, most likely sat in a box in Lloyds of London. That person decides - yes or no.
For years it's been one of those things - "Need some cyber risk transfer? Buy some insurance." But what happens when the insurance company simply says - "I'm not taking that risk."?
We're entering a new era where cyber underwriters have minimum requirements. EDR (aka antivirus). 2FA or MFA. Proof that software is being patched.
Fail to reach the standard... no insurance. Gone are the days of blindly transferring (and accepting) risk. There is no abdication of responsibility. There are caveats now.
Like the new manager, insurers are becoming increasingly picky - do I take on that monkey or not?