Reply to post: Don't the insurance companies have their own cyber security policies and teams?

Cyber insurance model is broken, consider banning ransomware payments, says think tank

BOFH in Training
Facepalm

Don't the insurance companies have their own cyber security policies and teams?

Assuming the insurance companies are protecting themselves against malware, ransomware, cyber attacks, etc., they should have internal policies they have for their own use.

They should, in theory, have an IT team, cyber security team, etc.

After all, insurance companies, generally being billion dollar organisations, should have their own internal mechanisms for cyber defence.

So if all the insurance companies get together, and figure out what they are all doing for themselves, make a standard that captures the policies, procedures, etc.

And use that as a baseline for the customers who are purchasing cyber security insurance.

Am I missing something? Or am I wrong in thinking this should be a relatively easy way to get a standard that they can all agree to.

Hell, maybe even create an organisation which liaises with all the insurance companies to check what they are doing, and create yearly standards, which all insurance companies and client organisations have to follow.


Biting the hand that feeds IT © 1998–2021