Your Policy Won't Save You

I recently commented on the hot mess in Suffolk County, New York. This led me to this WSJ article from 2021 on the difficulty of obtaining cybersecurity insurance.

Cyber insurers are raising prices and limiting coverage after a series of high-profile attacks and mounting claims from ransomware

Covid and Remote Work Highlighted Our Flaws

I can only speak from my own experience. When the workforce was sent home, we were concerned with the following:

1. Get those who could work from home up and running as safely and securely as possible
2. Complete item #1 above ... like yesterday!

We were lucky (or good, but I'll take lucky any day). Since we were in the middle of a massive firewall deployment, we had enough VPN licenses for our people.

Sidenote:
If you want to make your CFOs day, show them the bill that COULD have been generated. Zing!

I felt like Oprah handing out VPNs and VDIs to our employees. You get one, and YOU get one, and WE ALL GET ONE!!!!

But we're better now...

Nope.

Insurance is still recovering from our poor security position.

In­sur­ers don’t ex­pect the amount they are will­ing to cover through cy­ber poli­cies to ex­pand dra­mat­i­cally in the near fu­ture, de­spite signs of a re­cov­ery from shock losses in re­cent years.

Most ma­jor cy­ber in­sur­ers are will­ing to write in­sur­ance for their largest cus­tomers up to around $15 mil­lion

Having worked with our insurance brokers and carriers they told me the horror stories of companies who didn't have a plan (or a prayer). Those breaches came like a tidal wave down on the insurance industry. Now all the chickens were coming home to roost come renewal time. Premiums are up, coverage is down and requirements are growing ever harder.

I'm thankful that my management team took the time to listen, fund, and roll out, not only MFA, but MFA via YubiKeys.

Was it expensive? Hell yes.

You know what else is expense? Someone want to ask the fine folks in Suffolk County New York?