On 2019-09-14 08:10:50 -0500, Spencer Graves wrote: > As I'm thinking about it, the companies that provide cybersecurity > insurance could be the best points of leverage for this, because they think > about these kinds of things all the time. Insurance companies for decades
I wouldn't set my hopes too high. Bruce Schneier recently quoted from https://tylermoore.utulsa.edu/govins20.pdf (which I haven't read yet): | Cyber insurance appears to be a weak form of governanceat present. | Insurers writing cyber insurance focus more on organisational | procedures than technical controls, rarely include basic security | procedures in contracts, and offer discounts that only offer a | marginal incentive to in-vest in security. However, the cost of | external response services is covered, which suggests insurers believe | ex-post responses to be more effective than ex-ante mitiga-tion. | (Alternatively, they can more easily translate the costs associated | with ex-post responses into manageable claims.) hp -- _ | Peter J. Holzer | we build much bigger, better disasters now |_|_) | | because we have much more sophisticated | | | h...@hjp.at | management tools. __/ | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>
signature.asc
Description: PGP signature
-- https://mail.python.org/mailman/listinfo/python-list
