back to article Resistance is ... cheap? Cloudflare, Mandiant, and pals form incident response 'n' cyber insurance borg

Cyber insurance premiums are increasing and so is infosec's determination to get a slice of that pie: Cloudflare is partnering with Mandiant, Secureworks, and Crowdstrike in a "rapid referral" partnership for under-attack companies. The move was announced today as Cloudflare claimed that insurance premiums "have increased …

  1. Doctor Syntax Silver badge

    "it seems insurers are mostly raising prices and looking for ways to stop paying out so much to attack victims"

    The obvious way - obvious to most of us - to pay less would be to insist on advise customers about adopting better security. Is suppose that's not in the insurers' skill set for stopping payouts.

    1. Cav Bronze badge

      It isn't an insurance company's job to teach you how to avoid risk, although they may as a service to their customers. If customers can't be bothered to implement even minimal mitigation for attacks, then insurance premiums will rise, and insurance companies will reasonably refuse to pay out.

      If you leave all the doors and windows of your car wide open, with key in the ignition, then don't expect someone else to cover the cost of you losing your car.

  2. Cav Bronze badge

    "it seems insurers are mostly raising prices and looking for ways to stop paying out so much to attack victims"

    Which is perfectly reasonable. Insurance is based on risk. If you increase your risk by negligence then you can expect prices to rise. And again, if you don't invest in security and suffer the consequences of an attack why should an insurance company pay out?

    Insurance payments are made in cases of reasonable actions to prevent catastrophe, failing. You can't save your money refusing to implement reasonable protection and then expect someone else to cover the costs of the consequences.

    1. Doctor Syntax Silver badge

      In order to assess the risk they'd need to know something about how the businesses are run. For ordinary business premises they should at least have some knowledge of differences of crime rates between localities, business types likely to suffer from fraud and premises more or less likely to go up in smoke. I doubt they have such meaningful statistics on infosec yet without taking a closer look at what they're covering.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like