Aug. 5, 2024

The Cyber Insurance Playbook: What You Need to Know

Dive into the world of cyber insurance with our latest episode featuring expert Mike Saylor. We explore the evolving landscape of cyber insurance policies and their crucial role in today's digital security strategies. Learn why cyber insurance is more than just a financial safeguard and how it can be a proactive tool in your cybersecurity arsenal.

Mike shares invaluable insights on maximizing your cyber insurance benefits, from understanding policy nuances to leveraging your insurer's expertise. We discuss common misconceptions, the importance of pre-incident preparation, and strategies for effective incident response. Whether you're a small business owner or a corporate executive, this episode provides essential knowledge to navigate the complex terrain of cyber insurance and protect your digital assets.

Transcript

Speaker:

You found the backup wrap up.

 

 


Speaker:

The only podcast dedicated to the unsung heroes of the data center backup admins.

 

 


Speaker:

In this episode, we explore the critical world of cyber insurance

 

 


Speaker:

with cyber expert Mike Saylor.

 

 


Speaker:

Discover why it's more than just a safety net.

 

 


Speaker:

It's a proactive tool in your cybersecurity arsenal.

 

 


Speaker:

We'll uncover the evolving landscape of cyber policies, debunk common

 

 


Speaker:

misconceptions, and reveal strategies to maximize your coverage from

 

 


Speaker:

understanding policy nuances to leveraging your insurer's expertise.

 

 


Speaker:

This episode is packed.

 

 


Speaker:

It's also filled with great stories from real cyber

 

 


Speaker:

incidents that Mike has been on.

 

 


Speaker:

By the way, if you have no idea who I am, I'm w Curtis Preston, AKA, Mr.

 

 


Speaker:

Backup, and I've been passionate about backup and recovery and

 

 


Speaker:

disaster recovery for over 30 years.

 

 


Speaker:

Ever since.

 

 


Speaker:

I had to tell my boss that there were no backups of the

 

 


Speaker:

database that we had just lost.

 

 


Speaker:

I don't want that to happen to me.

 

 


Speaker:

I don't want that to happen to you.

 

 


Speaker:

That's why I do this.

 

 


Speaker:

On this podcast, we turn Unappreciated Backup Admins into Cyber Recovery Heroes.

 

 


Speaker:

This is the backup wrap up.

 

 


Speaker:

I.

 

 


Speaker:

Welcome to the show.

 

 


Speaker:

Before we get started, if you could just take a moment and click the

 

 


Speaker:

subscribe or follow button wherever you are listening or watching

 

 


Speaker:

this podcast, that would be great.

 

 


Speaker:

I.

 

 


Speaker:

I am w Curtis Press, AKA, Mr.

 

 


Speaker:

Backup.

 

 


Speaker:

And with me, I have my elevated air conditioning consultant

 

 


Speaker:

Prasanna Malaiyandi how's it going?

 

 


Speaker:

Persona?

 

 


Speaker:

I am doing well, Curtis, and I'm glad that you're not sitting there sweating.

 

 


Speaker:

Yeah.

 

 


Speaker:

So, uh, I, I wonder if I'm the, I I can't be the only person that has done the

 

 


Speaker:

thing that I'm talking about right now.

 

 


Speaker:

You might be the only person.

 

 


Speaker:

Well, like technically, like when people mount their AC units in like

 

 


Speaker:

a high-rise building, they mount it off the side of the building.

 

 


Speaker:

Yeah,

 

 


Speaker:

kind of the same.

 

 


Speaker:

yeah.

 

 


Speaker:

So

 

 


Speaker:

I've

 

 


Speaker:

thing is,

 

 


Speaker:

someone do that inside the house.

 

 


Speaker:

yeah, so the thing is, I live in an HOA world, right?

 

 


Speaker:

So if I, what would be I.

 

 


Speaker:

Perfect for this setup would be a window unit.

 

 


Speaker:

I don't, I live in Southern California.

 

 


Speaker:

Most of us don't have ac but since I've moved my office upstairs and I've got sun

 

 


Speaker:

in the thing, you know, I've, I, I need something to cool off the room for me.

 

 


Speaker:

Right.

 

 


Speaker:

But I'm not allowed to put a window unit air conditioner, uh, per my HOA.

 

 


Speaker:

So I bought one of these, you know, standalone portable air conditioners,

 

 


Speaker:

but it was too big and it was in the way, and so I mounted it on the wall.

 

 


Speaker:

And

 

 


Speaker:

Yeah,

 

 


Speaker:

this very, well go ahead.

 

 


Speaker:

and I think you need to clarify.

 

 


Speaker:

You mounted it on the wall above where someone may have their head while

 

 


Speaker:

they're lying down and taking a nap.

 

 


Speaker:

That is definitely part of the installation.

 

 


Speaker:

Uh, and that person may be my granddaughter when she's, you know, so

 

 


Speaker:

it definitely needs to, uh, be sturdy.

 

 


Speaker:

So I have these, these, these, um.

 

 


Speaker:

Brackets that are designed to hold 200 pounds and the thing is only 60 pounds.

 

 


Speaker:

Uh, but yeah, I, I should actually take a picture of it for those that are watching

 

 


Speaker:

this, uh, on video, I should actually take a picture of it and put it in there.

 

 


Speaker:

But, uh, I, as usual, I consulted with you along the way.

 

 


Speaker:

Yeah.

 

 


Speaker:

and, um, you were particularly helpful with the, um, the

 

 


Speaker:

condensation line, uh, issue.

 

 


Speaker:

Um, but, um, so what, what do you, what do you think of my install?

 

 


Speaker:

What do you think?

 

 


Speaker:

it's, it was good.

 

 


Speaker:

Yeah.

 

 


Speaker:

And the fact that you, so we should also clarify that you then took this

 

 


Speaker:

idea and you did it again in a different

 

 


Speaker:

Yes, yes.

 

 


Speaker:

And I learned,

 

 


Speaker:

to V two.

 

 


Speaker:

I did, I, I, I made improvements, but I learned nothing because

 

 


Speaker:

I made similar mistakes when I was building the second one.

 

 


Speaker:

Uh, yeah.

 

 


Speaker:

So now, so I have this one that if it fails, it can fall and fall

 

 


Speaker:

onto my sleeping granddaughter.

 

 


Speaker:

The other one, if it fails, it falls on me.

 

 


Speaker:

So, um, you know, I just, the, the whole, the whole house could be taken

 

 


Speaker:

out and a structural collapse, but I'm sure everything will be fine.

 

 


Speaker:

be fine.

 

 


Speaker:

You use 200 pound brackets.

 

 


Speaker:

You're good

 

 


Speaker:

200 pound brackets and

 

 


Speaker:

leg screws.

 

 


Speaker:

yeah, four and a half inch lag screws, uh, six each on each bracket.

 

 


Speaker:

So

 

 


Speaker:

Yeah.

 

 


Speaker:

screwed

 

 


Speaker:

overkill

 

 


Speaker:

not screwed into drywall.

 

 


Speaker:

I'm not, I'm not an amateur here.

 

 


Speaker:

Yeah.

 

 


Speaker:

What is the air conditioner attached to the brackets?

 

 


Speaker:

Uh, the air conditioner is, um, what do you

 

 


Speaker:

Nope.

 

 


Speaker:

the air conditioner.

 

 


Speaker:

There is a shelf around, there is a shelf containing, there's a shelf on

 

 


Speaker:

the brackets, and then there is a.

 

 


Speaker:

What do you call it?

 

 


Speaker:

Um, a what?

 

 


Speaker:

but height of said lip is about two inches.

 

 


Speaker:

It's the, the lip is uh, six inches, sir.

 

 


Speaker:

Five and a half inches.

 

 


Speaker:

And so if, if there was an earthquake, I, I, I am considering additional strapping

 

 


Speaker:

because I do live in Southern California.

 

 


Speaker:

Yeah.

 

 


Speaker:

You should at least put a strap on that thing,

 

 


Speaker:

Yeah, yeah, yeah, yeah.

 

 


Speaker:

Uh,

 

 


Speaker:

that

 

 


Speaker:

anyway,

 

 


Speaker:

I'll be fine.

 

 


Speaker:

I, I did, I didn't bring this up to have my design criticized

 

 


Speaker:

You sure about that?

 

 


Speaker:

That's what you keep me around.

 

 


Speaker:

anyway.

 

 


Speaker:

Well, our guest today, he is the repeat guest.

 

 


Speaker:

Very excited to have him back.

 

 


Speaker:

He's been in it and cyber for over 30 years and just finished his doctorate in

 

 


Speaker:

business with a focus on cybersecurity.

 

 


Speaker:

He is the CEO and incident response lead at Black Swan Cybersecurity

 

 


Speaker:

and a friend of the pod.

 

 


Speaker:

Welcome to the show, Mike Sailor.

 

 


Speaker:

Thank you guys.

 

 


Speaker:

Great to be back.

 

 


Speaker:

Absolutely.

 

 


Speaker:

Mike, we're gonna talk, uh, this episode, and by the way, I want to.

 

 


Speaker:

Formally tell everybody for those that are fans of the pod, that listen, the

 

 


Speaker:

reason that Mike is back is that Mike has agreed to join me in writing my next book.

 

 


Speaker:

Um, I was, I, you know, I've been working on this for a while, got a contract with

 

 


Speaker:

O'Reilly and then realize that really, even though, you know, I specialize in

 

 


Speaker:

backup with sort of a, a minor in cyber, I would say, uh, you know, I needed

 

 


Speaker:

somebody that is doing this every day.

 

 


Speaker:

And so I brought Mike in.

 

 


Speaker:

And so Mike, I'm super excited that you're joining me on that.

 

 


Speaker:

So, uh, those that are listening to the pod on a regular basis

 

 


Speaker:

get used to Mike's voice.

 

 


Speaker:

He's gonna be here for a while.

 

 


Speaker:

Um, we're not gonna let him go until he is recorded at least 400 episodes.

 

 


Speaker:

Anyway, um, so today we're talking about, we're gonna, we're gonna

 

 


Speaker:

talk about cyber insurance, um, before we talk about, because this

 

 


Speaker:

is, you know, as part of our very.

 

 


Speaker:

You know, huge series here on, um, ransomware and related topics.

 

 


Speaker:

Um, cyber insurance plays a role in that defense.

 

 


Speaker:

One of the things you're, you should have been hearing us say is that you've

 

 


Speaker:

got to do all this stuff beforehand.

 

 


Speaker:

The best way to, you know, prepare, you know, to respond to a cyber attack is

 

 


Speaker:

to prepare to respond to it beforehand.

 

 


Speaker:

Don't wait until you get one.

 

 


Speaker:

Uh, to suddenly ask, do we have a cyber insurance provider?

 

 


Speaker:

Um,

 

 


Speaker:

Tony, Tony from Spectral Logic, right when he was like, yeah,

 

 


Speaker:

we got hit with ransomware.

 

 


Speaker:

And

 

 


Speaker:

yeah,

 

 


Speaker:

they had just signed up for cyber insurance like

 

 


Speaker:

they did.

 

 


Speaker:

before.

 

 


Speaker:

That's right.

 

 


Speaker:

Um, talk about great timing.

 

 


Speaker:

Um, yeah.

 

 


Speaker:

So we're gonna talk about cyber insurance.

 

 


Speaker:

Before we do that, there's sort of, sort of a, a subtopic that I want

 

 


Speaker:

to talk about, and that's this, this concept of assume breach.

 

 


Speaker:

I, I'm sure that you, that you, uh, have heard this phrase a lot, Mike.

 

 


Speaker:

What, what does it mean when, when, when people say they should assume breach?

 

 


Speaker:

Well, there's a couple, uh, a couple of different perspectives there.

 

 


Speaker:

One, it's something I've, I've, I've preached a lot in that it, it's

 

 


Speaker:

not, it's not if, it's when right, it's going to happen statistically,

 

 


Speaker:

whether it's an accident or intentional, it's gonna happen.

 

 


Speaker:

Yeah.

 

 


Speaker:

and the other part of that is when, when bad things do happen, you've gotta come

 

 


Speaker:

at it from what's the worst possible.

 

 


Speaker:

Scenario, and hopefully it's, it's not as significant as, as that, but

 

 


Speaker:

you've gotta, you can't just treat an incident as, uh, you know, you

 

 


Speaker:

can't just put a bandaid on it.

 

 


Speaker:

You've gotta, you've gotta really dig into it and figure out, uh, what it is

 

 


Speaker:

and how bad it is, and what's the scope and, uh, the, the impact, uh, so that

 

 


Speaker:

you're, you're addressing it properly.

 

 


Speaker:

And so I think Curtis, when we talk in the backup space, if we throw

 

 


Speaker:

out an analogy, it's like when you're doing backup testing, right?

 

 


Speaker:

Don't just test, Hey, I'm just gonna go restore a file, right?

 

 


Speaker:

Actually figure out what does it mean for like a DR test, or to figure

 

 


Speaker:

out like what happens when this application fails and all the other

 

 


Speaker:

dependencies that I need in order to be able to recover my environment.

 

 


Speaker:

Yeah, I think what, when I, again, you know, making an analogy to the backup

 

 


Speaker:

space, I've had a lot of experience in the backup world, and one thing

 

 


Speaker:

that I have seen time and time and time and time again is that everybody

 

 


Speaker:

backups, hardly anybody restores, right?

 

 


Speaker:

They, they, they just, they don't, and, and that's one of the reasons that I ended

 

 


Speaker:

up specializing in this because I happen to work at a bank where we had 12,000 end

 

 


Speaker:

users and they, and we had a tech support line, and any one of those 12,000 people

 

 


Speaker:

could call and ask for a restore of a file anytime, and they did it all the time.

 

 


Speaker:

We got like 10 restore requests a day.

 

 


Speaker:

Right.

 

 


Speaker:

Um, and again, I, I know I've said it before, but my favorite restore

 

 


Speaker:

that I ever got was a request to restore a file called Resume Doc.

 

 


Speaker:

And, um, and we're like, is that how that's pronounced?

 

 


Speaker:

You're like, I don't think that's how that's pronounced, but, um, the, so

 

 


Speaker:

most people don't restore, most people, even if they live in, depending on

 

 


Speaker:

where they live, they may or may not.

 

 


Speaker:

They, they, um, they probably haven't suffered a natural disaster, a terrorist

 

 


Speaker:

attack, um, you know, a, a fire that takes out your entire building.

 

 


Speaker:

Most people have not experienced those things.

 

 


Speaker:

And so they develop, I think over time a lackadaisical, um,

 

 


Speaker:

attitude towards those things.

 

 


Speaker:

And they also, I remember one meeting that I was in with a large company right

 

 


Speaker:

up the road from me, where when we were trying to get them to have a DR plan,

 

 


Speaker:

the response was, well, if that happens, I'll probably be dead, so I won't care.

 

 


Speaker:

Right.

 

 


Speaker:

When we talk about a cyber attack, none of those things are true.

 

 


Speaker:

Right.

 

 


Speaker:

You, like you said, Mike, um, you know, the odds of an individual

 

 


Speaker:

organization being a attacked by some level of cyber attack that cripples

 

 


Speaker:

your organization, whether or not it's ransomware or, or whatever type

 

 


Speaker:

of attack, but some type of cyber attack that impacts your organization,

 

 


Speaker:

the odds are essentially one-to-one.

 

 


Speaker:

Right?

 

 


Speaker:

It is pretty close.

 

 


Speaker:

It's gonna, especially over, over a long period of time, it's

 

 


Speaker:

Right,

 

 


Speaker:

Yep.

 

 


Speaker:

right.

 

 


Speaker:

And you've got to be, because you know, and I know that I say this a lot, just

 

 


Speaker:

like with, with terrorism, you, you have to be, uh, right all the time.

 

 


Speaker:

The attacker only has to be right once, right.

 

 


Speaker:

And unfortunately in cyber, sometimes the attacker doesn't even know he is

 

 


Speaker:

right yet, until he is, until your company's down and you're calling him

 

 


Speaker:

for help and he is like, oh, I got one.

 

 


Speaker:

Yeah.

 

 


Speaker:

Sometimes they don't even know.

 

 


Speaker:

That's interesting.

 

 


Speaker:

I would, I, I guess I would assume that they, yeah, I, I would assume that, yeah.

 

 


Speaker:

Well, I, they do, right?

 

 


Speaker:

I mean, they're, these ransomware companies are, you know, especially

 

 


Speaker:

the initial access brokers, right?

 

 


Speaker:

Um, they are, they're just throwing all kinds of stuff at the wall to see

 

 


Speaker:

if they, if anything sticks right.

 

 


Speaker:

mm-Hmm.

 

 


Speaker:

Automated attacks, scripts, ransomware stuff that goes out

 

 


Speaker:

in emails, that's just blanket.

 

 


Speaker:

Pool of emails that go out and statistically, you know, some percentage

 

 


Speaker:

of people will click on it, stuff gets infected, it automatically negotiates

 

 


Speaker:

and does stuff, and the bad guy doesn't know that he got you until

 

 


Speaker:

you call and ask, well, how am I gonna pay the ransom and get my data back?

 

 


Speaker:

He is like, all right, well,

 

 


Speaker:

Yeah.

 

 


Speaker:

Uh, not at our company.

 

 


Speaker:

No one at our company would do such a thing.

 

 


Speaker:

to us.

 

 


Speaker:

No,

 

 


Speaker:

Yeah.

 

 


Speaker:

That,

 

 


Speaker:

I think you're I wanted to say, I think you're right.

 

 


Speaker:

I think, I think there, the, the, the majority of organizations focus on having

 

 


Speaker:

a backup strategy not a restore strategy.

 

 


Speaker:

yeah.

 

 


Speaker:

Well, you know, and it, it, it's, I mean, there's a lot of reasons for that, right?

 

 


Speaker:

You know, I, I feel for my backup folks, doing the backup is so hard.

 

 


Speaker:

Um, you know, it shouldn't be so hard.

 

 


Speaker:

But doing the backup is so hard.

 

 


Speaker:

You, you, you know, you focus, like, what I remember was we spent all of

 

 


Speaker:

our time focusing on the backup window.

 

 


Speaker:

Backup window.

 

 


Speaker:

Can I fit my backup within the backup window?

 

 


Speaker:

Right?

 

 


Speaker:

And, and all of the design is focused on the, on the, um.

 

 


Speaker:

The performance of that backup to get it done.

 

 


Speaker:

And there were elements, and I'll throw multiplexing out for those that

 

 


Speaker:

have been, you know, those that spent time long enough to be backing up to

 

 


Speaker:

tape multiplexing is a perfect example where, um, it was a ingenious backup

 

 


Speaker:

design that solved the problem with tape, but it made, it made backups way

 

 


Speaker:

better, but it made restores way worse.

 

 


Speaker:

And, um, go ahead.

 

 


Speaker:

because you would be doing backups like 99.998% of the time.

 

 


Speaker:

Yeah.

 

 


Speaker:

And so you're optimized for that versus that one restore.

 

 


Speaker:

But that one restore is what's gonna bite you.

 

 


Speaker:

Yeah.

 

 


Speaker:

The one restores the one that's gonna get you fired.

 

 


Speaker:

Well then, I mean, if we go, if we go back to the left from.

 

 


Speaker:

The, the backup jobs and how long they take are, are you even, are,

 

 


Speaker:

are you backing up the right stuff?

 

 


Speaker:

So, you know, it is just doing what we're told and we've gotta

 

 


Speaker:

build technology and solutions that satisfy the business requirements.

 

 


Speaker:

And if, but, but very rarely are we able to go back to the business

 

 


Speaker:

and go, Hey, we're, I'm backing up a terabyte a day and it costs, you

 

 


Speaker:

know, $80 a tape plus people to do it.

 

 


Speaker:

And now we're gonna, is are, do we need to do that?

 

 


Speaker:

Can we, can we classify data and identify the right data?

 

 


Speaker:

And, and then I, I worked for a $5 billion telecom that did not have

 

 


Speaker:

classification or even good data, uh, data identification or consolidation.

 

 


Speaker:

And they were, it was dictated to, you will back up everything

 

 


Speaker:

and we will keep it forever.

 

 


Speaker:

when we had a DR assessment done, we would've been out

 

 


Speaker:

of business in $5 billion.

 

 


Speaker:

Telecom would've been outta business in two weeks because it would've taken

 

 


Speaker:

almost an entire week to get all of the backup tapes back to the location in

 

 


Speaker:

order to determine, back to the restore strategy, what's our dependencies

 

 


Speaker:

and what's our, what's the process?

 

 


Speaker:

And one of the other thing that that contributed to, uh, going outta business

 

 


Speaker:

was that some of those initial like bare metal systems that we'd have to

 

 


Speaker:

restore those, those backups were on nine track tape didn't have a nine

 

 


Speaker:

track tape device to restore it from.

 

 


Speaker:

Hey, Mike.

 

 


Speaker:

a ton of stuff.

 

 


Speaker:

But

 

 


Speaker:

you're, you're old.

 

 


Speaker:

the business side, I mean, I think it a lot of times just

 

 


Speaker:

does what we're told without.

 

 


Speaker:

Uh, effectively pushing back or dictating back to, uh, uh, the business

 

 


Speaker:

about helping us do our job better and more efficiently and all that stuff.

 

 


Speaker:

So,

 

 


Speaker:

yeah.

 

 


Speaker:

I, I, I hear you.

 

 


Speaker:

I used to be an auditor, so I audited the technology environments.

 

 


Speaker:

Like why are your tape jobs failing?

 

 


Speaker:

Well, we had to kill it 'cause people were coming to work and we were consuming

 

 


Speaker:

the network and, you know, that kind of, the backup's never, never finished.

 

 


Speaker:

So the main topic of this particular episode is about cyber insurance.

 

 


Speaker:

And honestly, I, I don't know how long cyber insurance has been around, but from

 

 


Speaker:

my experience, I went from never having heard of it to hearing of it all the time.

 

 


Speaker:

And there was this where, and where I started hearing about it was

 

 


Speaker:

people say, oh, well we need to get cyber insurance because these,

 

 


Speaker:

like, they didn't have it before.

 

 


Speaker:

And then they said, well, we're gonna need to get these cyber insurance.

 

 


Speaker:

And mainly their purpose of getting cyber insurance, from my opinion, was

 

 


Speaker:

to get somebody else to pay the ransom.

 

 


Speaker:

Right?

 

 


Speaker:

And then the cyber insurance companies wised up and said, yeah,

 

 


Speaker:

that's not how this is gonna work.

 

 


Speaker:

Um, but there is still a role.

 

 


Speaker:

I mean, they, and they still.

 

 


Speaker:

You know, are there to pay the ransom depending on the policy.

 

 


Speaker:

But what do you see today if I don't have a cyber insurance company or I

 

 


Speaker:

have the wrong type of a cyber insurance company, what would you, what role do

 

 


Speaker:

you see the cyber insurance company playing in today's cyber defense world?

 

 


Speaker:

Well, it's definitely evolved and matured, uh, to your point, uh, about when,

 

 


Speaker:

when did cyber insurance come about?

 

 


Speaker:

It's been around for over 20 years.

 

 


Speaker:

I think the first couple of cyber policies I saw were actually kind of free.

 

 


Speaker:

They were, they were throwing.

 

 


Speaker:

It in with the umbrella policies.

 

 


Speaker:

That's kind of a, if you get this, then we'll throw in cyber for you for

 

 


Speaker:

free or at no cost or something, you know, insignificant, like a hundred

 

 


Speaker:

bucks a year or something like that.

 

 


Speaker:

Because back then, and this was, this was before ransomware, even though it was

 

 


Speaker:

around, was really prevalent and you know, the ransoms weren't millions of dollars.

 

 


Speaker:

They were, you know, a hundred dollars in a, a Domino's gift card.

 

 


Speaker:

Yeah.

 

 


Speaker:

One Bitcoin.

 

 


Speaker:

so, right.

 

 


Speaker:

Uh, so the, the evolution of cyber insurance is really, uh, aligned or,

 

 


Speaker:

or, uh, as a result of the evolution of cyber crime and the interest in insurance

 

 


Speaker:

companies to delineate those risks.

 

 


Speaker:

You've got normal corporate risk and then you've got this other stuff

 

 


Speaker:

and there's different policies for these different types of risks.

 

 


Speaker:

And cyber has evolved as one of those kind of, uh, threats of, of

 

 


Speaker:

threat that they want to delineate.

 

 


Speaker:

And so over time.

 

 


Speaker:

You've gone from, uh, we, we have good just general company controls

 

 


Speaker:

and we get cyber insurance.

 

 


Speaker:

And now, today, and, and it's gone through this, this true evolution of, uh,

 

 


Speaker:

not only on our side from a consumer of what we need, but also on the insurance

 

 


Speaker:

side about what should they cover and, and what are, what, what should

 

 


Speaker:

we consider from a risk perspective.

 

 


Speaker:

'cause believe it or not, there's still not a whole lot of uh, on

 

 


Speaker:

the cyber side an actuarial side.

 

 


Speaker:

You know, like normal,

 

 


Speaker:

Hmm.

 

 


Speaker:

insurance would have still not a whole lot of, of historic data on

 

 


Speaker:

the actuarial side for them to be real comfortable and, and accurate

 

 


Speaker:

Risks.

 

 


Speaker:

policies and stuff.

 

 


Speaker:

So today they're doing what they can, uh, you know, they send you a questionnaire.

 

 


Speaker:

You, you, you tell them the things that you do or don't do and, and they

 

 


Speaker:

determine whether you qualify for their insurance and if you do what your

 

 


Speaker:

premium should be based on the risk that they assume, in your particular case.

 

 


Speaker:

Well then in.

 

 


Speaker:

Other things you've gotta consider is whether, and, and this is to your

 

 


Speaker:

question Curtis, about well, what insurance companies are out there

 

 


Speaker:

and what kind of policies there are, there are different policies.

 

 


Speaker:

There's the, you know, bare minimum, you know, we'll help cover, you know,

 

 


Speaker:

business expense, uh, for an outage.

 

 


Speaker:

And that's it, you know, up to, you know, some, some dollar amount.

 

 


Speaker:

I think the most, um, the most coverage I've seen in a single

 

 


Speaker:

cyber policy is 5 million.

 

 


Speaker:

So if you need more coverage, you've gotta get multiple policies.

 

 


Speaker:

Hmm.

 

 


Speaker:

but policies have small print.

 

 


Speaker:

and, and I've played on both sides.

 

 


Speaker:

I've played, I've played the role of supporting the victim of

 

 


Speaker:

a, of a crime and, and working with them to get the claim.

 

 


Speaker:

And I've, I've played the, the auditor on the insurance side to

 

 


Speaker:

help them determine whether or not they should, should approve a claim.

 

 


Speaker:

And some of that is based on the small print and one of those small print.

 

 


Speaker:

Things that, that insurance companies tend to throw in there

 

 


Speaker:

to protect themselves is are things like terrorist attack or was it a,

 

 


Speaker:

Nation state.

 

 


Speaker:

It was an international nation state attack.

 

 


Speaker:

Because they tried doing that for one of the attacks.

 

 


Speaker:

I can't remember which one it was.

 

 


Speaker:

I think Lloyd's tried to get out of paying by claiming that

 

 


Speaker:

it was a nation state attack.

 

 


Speaker:

mm-Hmm.

 

 


Speaker:

Basically declaring an act, essentially declaring it an act of war.

 

 


Speaker:

Right.

 

 


Speaker:

Yeah.

 

 


Speaker:

and, and threat actors are becoming more comfortable and, and

 

 


Speaker:

conversant with, with these, uh, particular aspects of a policy too.

 

 


Speaker:

'cause they want to get paid.

 

 


Speaker:

And so, as an example, an insurance policy may say that they will

 

 


Speaker:

only cover a domestic attack.

 

 


Speaker:

Well, if a bad guy, whether they attacked you initially, internationally

 

 


Speaker:

or not, if they find out your policy has that stipulation, then

 

 


Speaker:

they will back out of that attack and redo it from a domestic host.

 

 


Speaker:

quite literally.

 

 


Speaker:

and in a lot of cases, they're gonna do their own reconnaissance on and, and

 

 


Speaker:

eventually find your policy documents and

 

 


Speaker:

I was

 

 


Speaker:

and all these other things so that then when, when they do post your ransom, it's,

 

 


Speaker:

you know, they're, they're gonna start

 

 


Speaker:

for that number right below what the policy covers.

 

 


Speaker:

Uh, well, in, in some cases it's, it's, it's a little higher

 

 


Speaker:

Yeah.

 

 


Speaker:

they want to negotiate.

 

 


Speaker:

Yeah.

 

 


Speaker:

you know, I'm gonna ask you for nine, but you've only, and, and they know

 

 


Speaker:

you've only got five in coverage.

 

 


Speaker:

And then they're, they're gonna settle for four and a half and they're, you're

 

 


Speaker:

gonna think you got this great deal.

 

 


Speaker:

Uh, so there is a game that's played, um.

 

 


Speaker:

are, there are stipulations from insurance companies based on the type

 

 


Speaker:

and the amount of coverage you need.

 

 


Speaker:

Mm-Hmm.

 

 


Speaker:

different insurance companies have different products, I

 

 


Speaker:

think is what they call them.

 

 


Speaker:

Uh, Lloyd's has 'em, Beasley has 'em, there's any number of other, uh, pretty

 

 


Speaker:

well known and there's a ton of brokers, uh, that resell, you know, whatever the,

 

 


Speaker:

the actual carrier or underwriter, uh,

 

 


Speaker:

So,

 

 


Speaker:

is,

 

 


Speaker:

so it's just like home insurance or car insurance, except

 

 


Speaker:

now they're cyber insurance.

 

 


Speaker:

So.

 

 


Speaker:

So there, there was a part in there where you talked about, uh, negotiation.

 

 


Speaker:

Um.

 

 


Speaker:

Uh, does the cyber insurance company, do they play a role

 

 


Speaker:

in that negotiation aspect?

 

 


Speaker:

They can if you in, well, yes they can.

 

 


Speaker:

Uh, so.

 

 


Speaker:

But it depends.

 

 


Speaker:

Uh, some, some organizations try to handle, you know,

 

 


Speaker:

the incident on their own.

 

 


Speaker:

'cause they don't think, uh, you know, maybe they can, they can self-fund

 

 


Speaker:

a ransom or they don't wanna involve their insurance company because

 

 


Speaker:

they're afraid their premiums are gonna go up, or it's gonna hit the

 

 


Speaker:

news or whatever the case may be.

 

 


Speaker:

So there's that independent, I'll, I'll, I'll handle this on my own.

 

 


Speaker:

Mm-Hmm.

 

 


Speaker:

Uh, then there are insurance companies that, uh, are more of

 

 


Speaker:

a, an advisor and they don't have, or maybe they partner with or can

 

 


Speaker:

refer you to a ransom negotiator.

 

 


Speaker:

And then some of the, the policies, uh, the policy carriers have their own ransom

 

 


Speaker:

negotiators that, will work with you and.

 

 


Speaker:

Try to, and a lot of those negotiators are well versed in, in

 

 


Speaker:

whoever that ransomware gang is.

 

 


Speaker:

So if you've got, you know, the Lazarus group or, uh, lock bid or black suit

 

 


Speaker:

or whoever it is, when you call your insurance company and you say, I've

 

 


Speaker:

got this ransomware thing, they're gonna ask you for some particulars.

 

 


Speaker:

And based on that, they're gonna assign you a ransomware negotiator that, that

 

 


Speaker:

has worked with that, that group before.

 

 


Speaker:

so very strategic and familiar with their, their, uh, behavior.

 

 


Speaker:

So we've kind of talked about the financial aspects.

 

 


Speaker:

What are other things that the cyber insurance companies

 

 


Speaker:

can offer to their clients?

 

 


Speaker:

Uh, other than.

 

 


Speaker:

Like helping with the negotiations and paying ransomware.

 

 


Speaker:

Well, it kind of starts with that questionnaire.

 

 


Speaker:

Uh, so when, when, when you, when you go looking for, uh, cyber insurance,

 

 


Speaker:

you're gonna get this questionnaire about the things you, they would

 

 


Speaker:

hope that you have in place.

 

 


Speaker:

And so that's a good starting point.

 

 


Speaker:

That's kind of basic cyber hygiene.

 

 


Speaker:

although there are some questions that, that I've seen on some questionnaires

 

 


Speaker:

that I just, I don't think they're relevant, but it maybe to that,

 

 


Speaker:

maybe to the insurance company is.

 

 


Speaker:

So that's a good starting point.

 

 


Speaker:

And, and you can just google like cyber insurance questionnaire and,

 

 


Speaker:

and, and see what I'm talking about.

 

 


Speaker:

I hope MFA's on there.

 

 


Speaker:

It should be.

 

 


Speaker:

You're right.

 

 


Speaker:

Uh, I haven't seen one recently, uh, that didn't have MFA on it.

 

 


Speaker:

Uh, but there are some things that, uh, some organizations

 

 


Speaker:

can't, uh, or think they can't afford, like 24/7 monitoring, like

 

 


Speaker:

Hmm.

 

 


Speaker:

small five person credit union or a, a mom and pop shop that needs cyber insurance.

 

 


Speaker:

They're like, there's, how am I gonna cover that?

 

 


Speaker:

Yeah.

 

 


Speaker:

Hmm.

 

 


Speaker:

so what, you've either gotta go figure that part out to qualify or just keep

 

 


Speaker:

shopping around for different insurance providers that may not ask that question.

 

 


Speaker:

so first of all, there's this list of things that to consider doing to implement

 

 


Speaker:

good cyber hygiene in your organization.

 

 


Speaker:

So there's that.

 

 


Speaker:

I mean, that's free.

 

 


Speaker:

Yeah.

 

 


Speaker:

Uh, but then once you, uh, once you're engaged with a

 

 


Speaker:

cyber insurance carrier, um, I.

 

 


Speaker:

want to hear from you.

 

 


Speaker:

They want to know you've got questions.

 

 


Speaker:

They want to know that you're willing to improve your

 

 


Speaker:

environment and your controls.

 

 


Speaker:

And, they want to establish a relationship with you so that when

 

 


Speaker:

something does go wrong, you feel comfortable talking to them and you know

 

 


Speaker:

Mm-Hmm.

 

 


Speaker:

and they know who they're talking to and, and there's some familiarity there.

 

 


Speaker:

So when they do give you advice, it's based on what they know about

 

 


Speaker:

your company and not just some, you know, bullet point out of a book.

 

 


Speaker:

Yeah,

 

 


Speaker:

those insurance

 

 


Speaker:

go ahead.

 

 


Speaker:

often have relationships with other service providers.

 

 


Speaker:

So if you need something specific, your insurance company already has

 

 


Speaker:

a list of pre-approved, uh, service providers or people or companies that

 

 


Speaker:

they will also, if, if you do file a claim, um, are kind of pre-approved

 

 


Speaker:

to get, uh, to get covered by a claim.

 

 


Speaker:

So, so it sounds like you're talking about other basically, uh, response

 

 


Speaker:

team, companies like yourself that, um, that you can, you can develop a

 

 


Speaker:

relationship with the insurance provider.

 

 


Speaker:

The insurance provider can help you develop a relationship

 

 


Speaker:

with these other response.

 

 


Speaker:

So is that what you're saying is they can help introduce

 

 


Speaker:

you to these other companies?

 

 


Speaker:

Absolutely.

 

 


Speaker:

Um, and so, and, and ideally, and, and I like the way you phrased that because it

 

 


Speaker:

sounds like that's something you, you, you do ahead of something bad happening,

 

 


Speaker:

uh, which is always something I suggest.

 

 


Speaker:

Get to know your neighbors before your house catches fire and you're

 

 


Speaker:

away on vacation and you're calling someone to get the garden hose out.

 

 


Speaker:

Uh, you, you need to meet all of the people and, and at least have at least

 

 


Speaker:

one conversation and know someone's name and have the right phone number and

 

 


Speaker:

what their role could be and how they could help figure all that out today,

 

 


Speaker:

uh, before something bad happens, I.

 

 


Speaker:

Yeah.

 

 


Speaker:

thing, Mike, uh, I know we've been talking a lot about sort of ransomware,

 

 


Speaker:

but cyber insurance also covers more than just ransomware, right?

 

 


Speaker:

It's, I think you had mentioned previously, right?

 

 


Speaker:

It's incidences.

 

 


Speaker:

Right.

 

 


Speaker:

And so, you know, any, anything can be an event.

 

 


Speaker:

Uh, I broke my computer, I lost my computer, uh, someone

 

 


Speaker:

may have stolen my password.

 

 


Speaker:

That's an event you tell somebody and, uh, you know, the, the person responsible in

 

 


Speaker:

your organization that, that does, that intake then has to, to assess what they're

 

 


Speaker:

being, what this event is, and classify it as a type of incident if it is one.

 

 


Speaker:

And then what kind of criticality goes along with it, based on

 

 


Speaker:

that, that classification of that incident, you know, stolen laptop.

 

 


Speaker:

Okay.

 

 


Speaker:

Well, if it's, if it's the, you know, the receptionist laptop,

 

 


Speaker:

uh, probably not that critical.

 

 


Speaker:

But if it's your field auditor that visits 20.

 

 


Speaker:

a month and all that consolidated data is on there, and well,

 

 


Speaker:

is it encrypted or not?

 

 


Speaker:

Or, you know, what all the, all those details help us assess

 

 


Speaker:

and classify this incident?

 

 


Speaker:

Well, then that assessment could also place a value or a

 

 


Speaker:

risk impact on that incident.

 

 


Speaker:

so for example, if that laptop stolen with that much client data on it,

 

 


Speaker:

and you're in California and they assess you $2,500 per client record,

 

 


Speaker:

Yeah.

 

 


Speaker:

there's who knows how many records on there.

 

 


Speaker:

Well, there's a, there's a, there's a value to that.

 

 


Speaker:

It's not just the replacement cost of the,

 

 


Speaker:

Laptop.

 

 


Speaker:

Yeah.

 

 


Speaker:

so there's a regulatory, uh, issue there too.

 

 


Speaker:

Uh, and then well, does your cyber policy cover regulatory issues?

 

 


Speaker:

And so there's all these things that you really need to

 

 


Speaker:

us understand your business.

 

 


Speaker:

First, what do we do here?

 

 


Speaker:

What kind of data do we handle?

 

 


Speaker:

Uh, where is, where is it, how does that stuff flow?

 

 


Speaker:

And who's responsible for all these things?

 

 


Speaker:

Then you go get a, a policy, uh, that helps you cover that stuff.

 

 


Speaker:

Uh, and that's not the, that, that, uh, level of detail, or it is not

 

 


Speaker:

in your cybersecurity questionnaire.

 

 


Speaker:

They're not gonna ask you the value of a stolen laptop with client data on it

 

 


Speaker:

they don't know your business either.

 

 


Speaker:

Now, the umbrella, umbrella policies do that.

 

 


Speaker:

Mm-Hmm.

 

 


Speaker:

want to know what kind of business you, you're, you're in, what services you

 

 


Speaker:

provide, what kind of data you handle.

 

 


Speaker:

But your cyber policy, for whatever reason, hasn't gotten to that level yet.

 

 


Speaker:

So we've had an incident.

 

 


Speaker:

What?

 

 


Speaker:

What do we do now with regards to the cyber insurance?

 

 


Speaker:

How does that, how does the cyber insurance company, how is it

 

 


Speaker:

involved in an actual incident?

 

 


Speaker:

Well, I'll tell you in my experience dealing with cyber, uh, both on the, you

 

 


Speaker:

know, just basic broker relationships, but also the, the underwriter, um, in most

 

 


Speaker:

cases it's a broker we've, we've dealt with, but they all want to be contacted.

 

 


Speaker:

As soon as you think you've got a problem, it doesn't matter how big or small they

 

 


Speaker:

Hmm.

 

 


Speaker:

to help be a part of, the response and give you the right advice and help you

 

 


Speaker:

calm down and, and think rationally.

 

 


Speaker:

Good luck with that.

 

 


Speaker:

well, and, and a good, a good example of that is, uh, we

 

 


Speaker:

had a, a credit card merchant.

 

 


Speaker:

Uh, you know, so they're a small, a small business, but they actually

 

 


Speaker:

process a ton of credit cards and they had a breach, a ransomware breach.

 

 


Speaker:

And they started calling everybody in the world.

 

 


Speaker:

They called three different cyber firms, and we all showed up together.

 

 


Speaker:

We're like, I, it's funny seeing you here.

 

 


Speaker:

Why, why are you here?

 

 


Speaker:

Well, it's the same thing.

 

 


Speaker:

You're so overkill, right?

 

 


Speaker:

She, she called in the National Guard, the, the, the army, the

 

 


Speaker:

Canadian Royal Mounted Police.

 

 


Speaker:

They all showed up at the same time and she only needed one.

 

 


Speaker:

Uh, and it wasn't just cyber.

 

 


Speaker:

She called three cyber firms, four or five IT MSPs.

 

 


Speaker:

She called a backup company, a forensic company.

 

 


Speaker:

She called law enforcement.

 

 


Speaker:

I mean, her, her office was in a, a shared, uh, tenant space, and

 

 


Speaker:

we all couldn't fit in her office.

 

 


Speaker:

It is like we had to wait outside and go in one at a time.

 

 


Speaker:

definitely overkill.

 

 


Speaker:

Well, if she had called the insurance company first one, they would've

 

 


Speaker:

helped advise her on what's the normal response to this thing.

 

 


Speaker:

Hmm.

 

 


Speaker:

here are some pre-approved experts that we, we know these, the,

 

 


Speaker:

you know, these groups, uh, are effective and, and they'll help you.

 

 


Speaker:

And they're already pre-approved on our list.

 

 


Speaker:

So if you do file a claim, no issue and get reimbursed for that stuff,

 

 


Speaker:

that would, and that's how it, it, it played out eventually, you know,

 

 


Speaker:

I don't remember if it was me or somebody else suggested let's get

 

 


Speaker:

your insurance company involved.

 

 


Speaker:

and once she did, they

 

 


Speaker:

So she,

 

 


Speaker:

and

 

 


Speaker:

so she called everybody but her insurance company.

 

 


Speaker:

That is correct.

 

 


Speaker:

Because,

 

 


Speaker:

I think that's, that's common.

 

 


Speaker:

A

 

 


Speaker:

yeah.

 

 


Speaker:

a lot of organizations, I feel like if I call my insurance

 

 


Speaker:

company, my rates are gonna go up.

 

 


Speaker:

Well, even if your rate did go up, I think the, small, medium sized business

 

 


Speaker:

cyber insurance policy is probably between 1,550 $500 a year, depending

 

 


Speaker:

Mm-Hmm

 

 


Speaker:

your risk and your coverage.

 

 


Speaker:

If your policy went up, if your premium went up, maybe 10%.

 

 


Speaker:

right,

 

 


Speaker:

mm-Hmm.

 

 


Speaker:

bucks at the most versus, you know, millions of dollars in ransom or expenses

 

 


Speaker:

that your insurance company will not reimburse you for because they were

 

 


Speaker:

excessive or not covered or whatever.

 

 


Speaker:

So the fear is there, but the rationale is not,

 

 


Speaker:

Yeah,

 

 


Speaker:

Well,

 

 


Speaker:

They're like, I don't

 

 


Speaker:

but,

 

 


Speaker:

rates to go up.

 

 


Speaker:

But really, do you understand what that looks like

 

 


Speaker:

On a completely separate matter, having nothing to do with

 

 


Speaker:

cyber insurance, I am involved.

 

 


Speaker:

With a company who had to contact their insurance provider, and

 

 


Speaker:

they were terrified about it.

 

 


Speaker:

And one of the things that they were worried about is if this all comes to

 

 


Speaker:

fruition, they were also worried about being canceled and, and then, and then

 

 


Speaker:

not being able to get a policy after that.

 

 


Speaker:

How, how valid is that?

 

 


Speaker:

Worry.

 

 


Speaker:

It, it's somewhat valid.

 

 


Speaker:

And, and for two, for two primary reasons, the first reason that you

 

 


Speaker:

would get canceled after involving your insurance company, whether it's

 

 


Speaker:

a claim or, or part of, or just a claim or, or also part of the response

 

 


Speaker:

Mm-Hmm.

 

 


Speaker:

in, if the insurance company, determines that.

 

 


Speaker:

All of the information you provided them upfront that

 

 


Speaker:

Ah,

 

 


Speaker:

qualify for this policy was false or negligent or

 

 


Speaker:

Yeah.

 

 


Speaker:

lying is bad.

 

 


Speaker:

Regardless.

 

 


Speaker:

Well, even if you, even if you just filled it out because you

 

 


Speaker:

didn't know you can't, you can

 

 


Speaker:

Hmm.

 

 


Speaker:

ignorance, but it was still inaccurate.

 

 


Speaker:

Right.

 

 


Speaker:

So then, then you're gonna get dropped because they figured,

 

 


Speaker:

they found out that you shouldn't have been approved to begin with.

 

 


Speaker:

And then the second, the second one is just gross negligence.

 

 


Speaker:

It doesn't matter if you've got the best security controls in the world and in

 

 


Speaker:

good sick, good hygiene, and, and you, you were immaculate and accurate on

 

 


Speaker:

their, their qualification questionnaire.

 

 


Speaker:

This incident happened.

 

 


Speaker:

you were negligent in responding to it.

 

 


Speaker:

You didn't call them timely, you didn't apply the right resources to,

 

 


Speaker:

to mitigate and solve the problem.

 

 


Speaker:

And you just, you were just like, whatever.

 

 


Speaker:

I've got insurance coverage.

 

 


Speaker:

And you waited till the end of the day and,

 

 


Speaker:

Hmm.

 

 


Speaker:

hope that insurance company covered it.

 

 


Speaker:

And, they're gonna go, yeah, that's not the way this works.

 

 


Speaker:

Uh, and even if they do pay your claim, they're probably gonna drop you.

 

 


Speaker:

you.

 

 


Speaker:

and I'll, I'll add this.

 

 


Speaker:

Even, even in a perfect world, uh, you did everything right.

 

 


Speaker:

You had all the good stuff in place.

 

 


Speaker:

The insurance company thought the response went well, uh,

 

 


Speaker:

everything was covered in a claim.

 

 


Speaker:

Or even if you didn't have to file a claim, you figured out how to do this

 

 


Speaker:

without your minimums or whatever the

 

 


Speaker:

Mm-Hmm

 

 


Speaker:

But you solved your insurance company and they want that.

 

 


Speaker:

So even at the end of the day, in a perfect world, they're gonna come back

 

 


Speaker:

to you postmortem and just double check.

 

 


Speaker:

what could we have done different?

 

 


Speaker:

To keep this from happening and so that it doesn't happen again.

 

 


Speaker:

mm-Hmm.

 

 


Speaker:

Just know that, that they're gonna want to be involved in the, in the postmortem

 

 


Speaker:

as well, even in a perfect world.

 

 


Speaker:

I was worried you were gonna say even when everything goes right,

 

 


Speaker:

they still might cancel you.

 

 


Speaker:

Yeah.

 

 


Speaker:

That's what I thought you.

 

 


Speaker:

do they also consider Mike like looking at the dollar value of the claim

 

 


Speaker:

they do.

 

 


Speaker:

They do.

 

 


Speaker:

and so if, if, but there's all these other factors, just like insurance companies do.

 

 


Speaker:

They've got all these factors, they've got all their formulas

 

 


Speaker:

and all this good stuff.

 

 


Speaker:

so even in a perfect world, everything went fine and you've got a $5

 

 


Speaker:

million policy and you maxed out that policy, whether it's ransomware,

 

 


Speaker:

uh, you know, they, they asked for 5 million or it's some combination

 

 


Speaker:

of ransom and expenses and stuff.

 

 


Speaker:

Loss, uh, loss or people you had to bring in to help.

 

 


Speaker:

So there, there's this formula that says if, if you exceed some

 

 


Speaker:

percentage of your coverage, uh, it kicks in these other activities.

 

 


Speaker:

And so whether that's, Hey, you need to go get, you need to bring

 

 


Speaker:

in a, uh, an external auditor that you pay for, uh, that's gonna give

 

 


Speaker:

us a report and give us comfort

 

 


Speaker:

Mm.

 

 


Speaker:

based on your industry or the type of data you handle, uh, you've now gotta

 

 


Speaker:

become certified in, you know, like ISO 27001 or, or gonna have a SOC

 

 


Speaker:

2 Type 2, you know, activity done.

 

 


Speaker:

Uh, there are, uh, cases I've, I've heard of, uh, I have in, in

 

 


Speaker:

probably man, uh, 14, 16, almost 18 years of doing incident response.

 

 


Speaker:

I have not seen a, um, a cyber insurance company like, put

 

 


Speaker:

the hammer down on somebody.

 

 


Speaker:

I've not seen anybody get canceled.

 

 


Speaker:

but also, I mean, I, I was involved in an incident response as part of a team.

 

 


Speaker:

And so that's the normal thing to do,

 

 


Speaker:

Yeah.

 

 


Speaker:

Right.

 

 


Speaker:

some company that just maybe didn't respond well and called

 

 


Speaker:

their insurance company.

 

 


Speaker:

Maybe those are the ones that got

 

 


Speaker:

Gotcha.

 

 


Speaker:

time.

 

 


Speaker:

Uh, but I, because of my role, I have not seen that that result in, uh,

 

 


Speaker:

the responses that I was involved in.

 

 


Speaker:

Involving your insurance company as soon as possible.

 

 


Speaker:

one establishes comfort and credibility with them.

 

 


Speaker:

Uh, they want to be part of the discussion.

 

 


Speaker:

Uh, but two, in, in a lot of cases, I think, like I mentioned, they, they

 

 


Speaker:

deal with incidents all the time.

 

 


Speaker:

And so they

 

 


Speaker:

Right.

 

 


Speaker:

give you guidance and direction and feedback about what you're doing

 

 


Speaker:

or what, uh, questions you may have or, or doubts you may have.

 

 


Speaker:

So there's, there's definite value in,

 

 


Speaker:

Yeah,

 

 


Speaker:

them, and they wanna be involved as soon as possible.

 

 


Speaker:

What about their involvement before the incidents even happened?

 

 


Speaker:

certainly, and, and I, I preach this all day long.

 

 


Speaker:

You, you've gotta, you've gotta train and practice, uh, before the game.

 

 


Speaker:

And the, uh, game day is when incidents happen.

 

 


Speaker:

And if, if your team doesn't show up and you don't know who's, who's on first and

 

 


Speaker:

what play to run, and, uh, whose role is, uh, you know, the roles are defined.

 

 


Speaker:

And, and if you don't have all that in, in, in place, then your

 

 


Speaker:

response is not gonna be as effective or timely as as it could be.

 

 


Speaker:

And so we, we want them, we want organizations to do what are called

 

 


Speaker:

tabletops, at least, at least once a year.

 

 


Speaker:

Hmm.

 

 


Speaker:

Uh, brainstorm about all the, the things that could significantly impact

 

 


Speaker:

your, your company like ransomware.

 

 


Speaker:

Uh, and then develop a scenario, have a third party moderator come in and,

 

 


Speaker:

and run everybody through it and kinda lead the, you know, be the referee.

 

 


Speaker:

Hmm.

 

 


Speaker:

and one of the things that we always stress is, you know, a lot

 

 


Speaker:

of organizations think that their, their team is just their employees

 

 


Speaker:

and their subject matter experts.

 

 


Speaker:

You've really gotta expand that because when you think about an incident.

 

 


Speaker:

depending on what the scenario is, uh, you want to involve outside people.

 

 


Speaker:

It could be your, your outside legal counsel.

 

 


Speaker:

It could be, uh, law enforcement, uh, but almost in every, in almost

 

 


Speaker:

every case, uh, you would want to consult your insurance company.

 

 


Speaker:

And so your insurance company and your tabletop exercises,

 

 


Speaker:

your broker, uh, is a great idea.

 

 


Speaker:

Uh, and for a couple of reasons.

 

 


Speaker:

One, uh, very often the only time you've ever talked to them is the

 

 


Speaker:

day you, you got your policy, and, and, and you're, you're looking

 

 


Speaker:

for the quote for your renewal.

 

 


Speaker:

That's really it.

 

 


Speaker:

Do you really know your insurance broker?

 

 


Speaker:

Do you know what their process is?

 

 


Speaker:

If you do have an incident and you need to file a claim, or you need help finding

 

 


Speaker:

a right resource and who's covered by, know, their, your policy, uh, get all

 

 


Speaker:

that stuff, uh, uh, in a, in, in your incident response plan and involve them

 

 


Speaker:

so that you, you know, who, you know who Bob is and they know who you are.

 

 


Speaker:

And, um.

 

 


Speaker:

and just real quick, that exercise alone is going to a lot of value.

 

 


Speaker:

I, I did an incident response where they thought they only had

 

 


Speaker:

$5 million in cyber coverage.

 

 


Speaker:

threat actor actually knew they had 10,

 

 


Speaker:

and so their, the ransom was $8 million.

 

 


Speaker:

And this company, and, and, and, you know, I'm, I'm working on information

 

 


Speaker:

that I'm provided, which is the same understanding that the rest

 

 


Speaker:

of the incident response team had, which was, we only had $5 million.

 

 


Speaker:

So how in the world are we gonna get it down from eight to something

 

 


Speaker:

covered by the insurance policy?

 

 


Speaker:

And we were on this Zoom at like three o'clock in the morning.

 

 


Speaker:

This happened on a Friday.

 

 


Speaker:

So this was Saturday morning, we were on a Zoom and somebody came

 

 


Speaker:

in at, you know, maybe they were down the hall and, and bringing in

 

 


Speaker:

some donuts or coffee or something.

 

 


Speaker:

And they were in the background, uh, kind of like about as far away, uh,

 

 


Speaker:

as Curtis's bookshelf behind him.

 

 


Speaker:

And we were talking.

 

 


Speaker:

We were talking about $5 million, you know, only having $5 million in coverage.

 

 


Speaker:

And that person stopped and looked down in the camera and said, you know, we

 

 


Speaker:

have two $5 million policies, right?

 

 


Speaker:

And everybody in the room was like, where did that come from?

 

 


Speaker:

And who are you?

 

 


Speaker:

And what, where's that information?

 

 


Speaker:

Uh, well, to make matters worse, worse, uh, back to understanding your policy.

 

 


Speaker:

They did have $10 million in coverage, but it was a self-funded policy.

 

 


Speaker:

Hmm.

 

 


Speaker:

means you're covered up front, but you're gonna have to replenish that over

 

 


Speaker:

Yeah.

 

 


Speaker:

Oh, interesting.

 

 


Speaker:

uh, in addition to their premiums, they had to, they had

 

 


Speaker:

to put money back in the pod.

 

 


Speaker:

So absolutely involve your, your insurance company in your

 

 


Speaker:

tabletops, get to know them.

 

 


Speaker:

Uh, treat them as an extension of your incident response team just

 

 


Speaker:

like you would your legal counsel.

 

 


Speaker:

Uh, tons of value there, tons of experience, um, and good advice.

 

 


Speaker:

So you, you talked about, uh, involving them upfront.

 

 


Speaker:

You talked about how they can put you in touch during an incident with,

 

 


Speaker:

uh, these third party companies.

 

 


Speaker:

I, I, is it done where you talk to them in advance and say, listen in.

 

 


Speaker:

Can I get to know?

 

 


Speaker:

The, you know, pick your, the things that you're most likely to be hit

 

 


Speaker:

with, let's say a ransomware attack.

 

 


Speaker:

Can I get to know the company that, um, that I would be talking with

 

 


Speaker:

during a, during a ransomware attack?

 

 


Speaker:

Is, is it, is that done as well where people do that upfront?

 

 


Speaker:

Well, I'll answer it, uh, two ways or, or two parts.

 

 


Speaker:

Uh,

 

 


Speaker:

Okay.

 

 


Speaker:

it is, it, it, it is possible to do, but very rarely is it done.

 

 


Speaker:

Okay.

 

 


Speaker:

Because people don't call their insurance company until something bad happens.

 

 


Speaker:

But if you called them and said, Hey, I'm, uh, we're, we're, we're building

 

 


Speaker:

out our incident response plan and we want to get to, you know, we wanna do all

 

 


Speaker:

this prep work we don't have, we don't have a good forensics, uh, resource.

 

 


Speaker:

We don't have a good, uh, you know, extended it remediation resource.

 

 


Speaker:

We've got like five people, and if something bad

 

 


Speaker:

happens, we're gonna need 10.

 

 


Speaker:

Right?

 

 


Speaker:

Uh, so the insurance company will say, here are approved

 

 


Speaker:

vendors already on our list, and here's their contact information.

 

 


Speaker:

And absolutely call them and say, we're just getting ready

 

 


Speaker:

for, you know, D-Day and we wanna

 

 


Speaker:

Mm-Hmm.

 

 


Speaker:

we, we know who you are and you know who we are, and is there any paperwork

 

 


Speaker:

we can get outta the way today?

 

 


Speaker:

Uh, so that when we do need to engage you, it's not a, you know, we don't

 

 


Speaker:

have to go through legal review and, and waste time on paperwork

 

 


Speaker:

Yeah,

 

 


Speaker:

be able to focus on, on truly getting us back on our feet.

 

 


Speaker:

And a lot of, a lot of those organizations will do $0 retainers, especially

 

 


Speaker:

gonna.

 

 


Speaker:

Absolutely.

 

 


Speaker:

Call them and say, do you guys do retainers?

 

 


Speaker:

I ideally $0.

 

 


Speaker:

'cause I mean, I don't think we're at, we're at risk, but you never know.

 

 


Speaker:

And so I don't want to tie money up with, with, with you if I don't

 

 


Speaker:

Yeah, just get the paperwork out of the way.

 

 


Speaker:

gets your terms and conditions.

 

 


Speaker:

Any MSA, any blanket statement of work for incident response.

 

 


Speaker:

And um, in a lot of cases, even if it's a $0, retainer, you're kind

 

 


Speaker:

of at the top of the list when, when people start calling for help.

 

 


Speaker:

Yeah,

 

 


Speaker:

I like it.

 

 


Speaker:

Any final questions?

 

 


Speaker:

Prasanna.

 

 


Speaker:

no, this was fascinating because like you mentioned earlier, Curtis,

 

 


Speaker:

we had heard about Cyber sec, uh, cyber insurance, but just getting

 

 


Speaker:

down into this level of detail is

 

 


Speaker:

Yeah, it's great.

 

 


Speaker:

Yeah, I, I love the idea, obviously, obviously you have to

 

 


Speaker:

get cyber insurance in advance.

 

 


Speaker:

That's the one requirement you have to get it in advance.

 

 


Speaker:

I like that.

 

 


Speaker:

Just the fact of talking to a cyber insurance company, just talking with

 

 


Speaker:

them, you're gonna get that list and that that list is going to help you,

 

 


Speaker:

um, you know, give you a list of things that you should have been doing

 

 


Speaker:

already and that you can add to your, you know, you can add to your world.

 

 


Speaker:

I like that.

 

 


Speaker:

I like this idea of contacting them in advance, getting to know them in advance,

 

 


Speaker:

involving them in tabletop exercises.

 

 


Speaker:

And I really like this idea of using them because they're, they're the

 

 


Speaker:

ones who are, because they're the ones that are actually paying, uh, ransoms.

 

 


Speaker:

They're the ones that are.

 

 


Speaker:

Going to be most likely to have relationships with companies that

 

 


Speaker:

will minimize those ransoms, right?

 

 


Speaker:

And so the, the people and the companies that they then put you in

 

 


Speaker:

touch with are going to be top-notch.

 

 


Speaker:

And I really like this idea of getting to know those companies upfront.

 

 


Speaker:

I love the idea of the $0 retainer.

 

 


Speaker:

Um, you know, just, just priming the pump

 

 


Speaker:

Mm-Hmm.

 

 


Speaker:

that when you have an incident, you know, like you said, you

 

 


Speaker:

have one phone call to make.

 

 


Speaker:

Uh, and it sounds like that first phone call, um, you know, should be

 

 


Speaker:

the, the cyber insurance provider,

 

 


Speaker:

Definitely one of the first phone

 

 


Speaker:

One of

 

 


Speaker:

one of the first ones.

 

 


Speaker:

Who, who do you think should be the first, the legal.

 

 


Speaker:

you gotta call your mom first.

 

 


Speaker:

I

 

 


Speaker:

Okay,

 

 


Speaker:

mom, I'm not gonna be home for a while.

 

 


Speaker:

I, I think the summary statement here is that, you know, the cyber

 

 


Speaker:

insurance folks get, you know, talk to them now, get to know them.

 

 


Speaker:

Now, the, the, the more you get to know them and, and I think

 

 


Speaker:

that is not normal, right?

 

 


Speaker:

I, I don't think that's normal to, like, I don't contact my car insurance company.

 

 


Speaker:

Right.

 

 


Speaker:

But in this case, uh, getting to know them in advance, uh, is,

 

 


Speaker:

um, is definitely the way to go.

 

 


Speaker:

All right, well, uh, thanks for coming on Mike,

 

 


Speaker:

Anytime I enjoy it,

 

 


Speaker:

and thanks again, Prasanna,

 

 


Speaker:

No, thank you Curtis and Mike.

 

 


Speaker:

I hope to have you back on the podcast and I'm sure we'll have great topics

 

 


Speaker:

and discussions around cybersecurity.

 

 


Speaker:

and, uh, thanks to the listeners, you know that you are, why we do this.

 

 


Speaker:

Otherwise, we're just a couple of guys in a mic and that is a wrap.