Comment Re:About costs, what works for fire safety is (Score 2) 283
>
As it happens, insurance companies are experts at calculating risks and costs. I expect over time they'll get involved in cyber security in a similar way as they are involved in greatly reducing fire risk.
That's quite an imperfect analogy. You're comparing products they sell and underwrite vs their own personal best practices, but let's ignore that for now because regardless the cyber experience is just not there at insurance companies right now. Insurance companies, even those like mine offering cyber coverage, don't have boots on the ground like they did for fire & allied lines. When it comes to fire, insurance companies employ (and still have) claims adjusters who had physical experience from looking at properties damaged in fires and investigating their causes. They do outsource sometimes too but a majority of the time they don't. Should they be hiring claims adjusters that are experienced in cyber forensics? Yes, I'm surprised they're not. Maybe they will *someday* but they don't right now. At my company they rely on outsourcing *all of it* it. The elephant in the room we're all being forced to see here is cyber attacks carry a far steeper and more dynamic sophistication than fires. Don't get me wrong, fires are sophisticated but it's a completely different playing field. I don't think we have to go through the laundry list of why they're so different but we can.
In fact, I'm actually going to take your example and use it to beat you to death with it. Let me point out terribly unfortunate flaws. Insurance companies first started covering fire in the early 1700's. The UL wasn't founded until 1896 and the NFPA wasn't founded until 1896. Yes, that's almost 200 years later. YIKES. So those organizations make awfully terrible examples of "prowess" by insurance companies. As an insider I can tell you when it comes to technology insurance companies lag the rest of the world, not the other way around. But you are right they will figure it out, eventually.