discgman t1_j25opao wrote
Why did this company not buy tech insurance? Obviously if they did they would be out of compliance because they had a security hole and got hacked.
hombrent t1_j25vt9r wrote
If you think that being in compliance means that you can't be hacked, you've never worked in compliance.
Being in compliance just means that you have giant piles of paper with checkboxes that are all checked. None of those checkboxes actually enforce real security.
discgman t1_j260nvg wrote
Actually, I’ve been involved in said policies, and we had to have actual equipment and software in place.
hombrent t1_j266uod wrote
Yeah, but you don't need to configure it well. You just need to document that you have it, and that only authorized people can configure it.
Oh yeah. And you need to write a policy that says that you need to have it.
discgman t1_j26h6oa wrote
We also did a security audit paid for by state funding.
GreenAdvance t1_j25x6ks wrote
That wouldn't invalidate the coverage. As long as you can show your company and employees have policies and procedures in place and are being followed, your claim will be approved.
Source: personal experience making a claim on a cybersecurity policy.
discgman t1_j260hfl wrote
Recently we have been required to have specific safeguards in place to be approved. They were very specific and required more money being invested in security. If we didn’t adhere to said list, we would have been dropped.