Fresh Thoughts #12: Lies. Statistics. Risk Transfer & Cyber Insurance.

spreadsheet of numbers

Lies. Damn Lies. Cyber Statistics.

2 Billion hacking attempts were detected at the Athens Olympics in 2004.

60% were “password denied” errors.

Ever mistyped a password?

You're a hacker now!?

Cyber Insurance: Risk Transfer. Not Abdicating Responsibility.

Shortly after I started managing my first team, I was handed One Minute Manager Meets the Monkey.

A classic about when a person goes to their manager with a problem. The manager agrees to do something about it, and the monkey jumps off their back and onto the manager's. If the manager doesn't find a solution, they become weighed down by the monkeys on their back.

I spent hours thinking about this as a new manager. Picking and choosing what to take on - and most importantly, what to refuse.

Last week, this memory popped into my head as I watched an insurance underwriter decide if they would take on a risk - or refuse.

Years of shopping for car insurance create a false impression. Insurance isn't off-the-peg. It doesn't just happen. Dig through the layers, and there'll be an underwriter, most likely sat in a box in Lloyds of London. That person decides - yes or no.

For years it's been one of those things - "Need some cyber risk transfer? Buy some insurance." But what happens when the insurance company simply says - "I'm not taking that risk."?

We're entering a new era where cyber underwriters have minimum requirements. EDR (aka antivirus). 2FA or MFA. Proof that software is being patched.

Fail to reach the standard... no insurance. Gone are the days of blindly transferring (and accepting) risk. There is no abdication of responsibility. There are caveats now.

Like the new manager, insurers are becoming increasingly picky - do I take on that monkey or not?

April 26, 2022
1 Minutes Read

Fresh Thoughts to Your Inbox

Fresh perspectives on cybersecurity every Tuesday. Real stories, analytical insights, and a slash through buzzwords.

We'll never share your email.

Related Reads

dropped ice cream

Fresh Thoughts #11: Risk Assessment Mistakes & Do You Need More Security?

The biggest mistake I made on my first risk assessment? It was too detailed. I documented every possible way...

Subscribe to Fresh Thoughts

Our weekly newsletter brings you cybersecurity stories and insights. The insights that help you cut through the bull.

We'll never share your email.


Fresh Security Support

Your Questions


Fresh Sec Limited

Call: +44 (0)203 9255868