Viewing a single comment thread. View all comments

discgman t1_j25opao wrote

Why did this company not buy tech insurance? Obviously if they did they would be out of compliance because they had a security hole and got hacked.


hombrent t1_j25vt9r wrote

If you think that being in compliance means that you can't be hacked, you've never worked in compliance.

Being in compliance just means that you have giant piles of paper with checkboxes that are all checked. None of those checkboxes actually enforce real security.


discgman t1_j260nvg wrote

Actually I’ve been involved in said policies and we had to have actual equipment and software in place


hombrent t1_j266uod wrote

Yeah, but you don't need to configure it well. You just need to document that you have it, and that only authorized people can configure it.


Oh yeah. And you need to write a policy that says that you need to have it.


discgman t1_j26h6oa wrote

We also did a security audit paid for by state funding


GreenAdvance t1_j25x6ks wrote

That wouldn't invalidate the coverage. As long as you can show your company and employees have policies and procedures in place and are being followed your claim will be approved.

Source: personal experience making a claim on a cybersecurity policy.


discgman t1_j260hfl wrote

Recently we have been required to have specific safeguards in place to be approved. They were very specific and required more money being invested in security. If we didn’t adhere to said list we would have been dropped