WelcomeUser Guide
ToSPrivacyCanary
DonateBugsLicense

©2025 Poal.co

1.3K

This is interesting in many ways. One of the greatest risk responses is transference, and thus why 'cyber insurance' is interesting; it is a relatively undefined area. Though I am a proponent of, and advocate for, cyber insurance, it really is the devil in the details approach to risk response - what I mean is, in order for an org to be properly insured, the org must define 'data' since 'data' is intangible as well as access to said data - ref . This is also includes that of due diligence and due care on part of the c-suite and those charged with fiduciary responsibly - ref Equifax debacle a few years ago. How this will ultimately affect MSPs (Managed Service Providers), CSPs (Cloud Service Providers) and SMBs (Small-Medium Businesses) will be interesting. It will also be interesting how this plays out when it comes to breach notification and protection for multinationals.

If the org cannot - or will not - be insurable, then what recourse to consumers have to protect themselves. Realizing this puts more onus on the org housing the data, this could dramatically increase the 'cost of doing business.' This potential added cost could also steer SMBs away from transference though in some industries it is required.

This is interesting in many ways. One of the greatest risk responses is transference, and thus why 'cyber insurance' is interesting; it is a relatively undefined area. Though I am a proponent of, and advocate for, cyber insurance, it really is the devil in the details approach to risk response - what I mean is, in order for an org to be properly insured, the org must define 'data' since 'data' is intangible as well as access to said data - ref [EMOI Services LLC](https://law.justia.com/cases/ohio/supreme-court-of-ohio/2022/2021-1529.html). This is also includes that of due diligence and due care on part of the c-suite and those charged with fiduciary responsibly - ref Equifax debacle a few years ago. How this will ultimately affect MSPs (Managed Service Providers), CSPs (Cloud Service Providers) and SMBs (Small-Medium Businesses) will be interesting. It will also be interesting how this plays out when it comes to breach notification and protection for multinationals. If the org cannot - or will not - be insurable, then what recourse to consumers have to protect themselves. Realizing this puts more onus on the org housing the data, this could dramatically increase the 'cost of doing business.' This potential added cost could also steer SMBs away from transference though in some industries it is required.

(post is archived)

You are currently inside a comment thread.
Click here to see all the comments (5).
[–] 1 pt (edited )

Lots of good info here - thanks. OpenId's sponsoring member list isn't surprising: https://openid.net/foundation/sponsoring-members/

A company can only do so much to mitigate which is the due diligence and due care that has been a requirement for insurance, but if it becomes the norm to not insure based on 'when' then that sets a dangerous precedent for all insurance since insurance is the basis for exactly the 'when' model - we purchase insurance to mitigate when the 'when' happens. Now, if the insurer can prove malfeasance, and/or the lack of due care, then the onus falls on the insured to foot the bill, as it should be.

So what's to prevent insurance companies from saying that not adopting digital ID requirements is lack of due care?

I realize that cyber attacks have a broader scope, but, as we've clearly seen, any rationale for pushing the great reset is fair game.

You're not daft - I'm the daft one not understanding "insurance speak." The roofing comment was an example of how insurance companies get laws/regulations implemented to force roof replacements in order to provide coverage. I realize insurance companies want to minimize their risk, but if they do this with roofs, what would syop them from doing the same thing with digital id? https://www.ocalapost.com/florida-insurance-companies-dropping-policies-for-10-year-old-roofs-regardless-of-manufacturer-recommendations/

[–] 1 pt

I'm trackin'.

So what's to prevent insurance companies from saying that not adopting digital ID requirements is lack of due care?

I don't know exactly how digital ID could be proven to be mitagatory, but I could see it inevitably becoming a requirement to 'qualify' for coverage. Slippery slope.

The remaining part of your response is interesting, and I agree. How this unfolds will be interesting, for better or for worse, and it could very well redefine the landscape.

[–] 0 pt

Yes, it is a slippery slope.

They're going to pull out all the stops trying to push us into the "great reset." I can see a lot of nastiness down the road.