Firewall Wizards mailing list archives

Re: Lloyds to offer hacker insurance


From: darrenr () reed wattle id au
Date: Thu, 30 Apr 1998 20:32:28 +1000 (EST)

In some email I received from Kevin Tyrrell, sie wrote:
[...]
Buying insurance against "hackers" might actually make some companies less
secure. They have been certified as insurable (secure), so they can put
security on the back burner until it's time for next year's checkup, then
they get whacked. But hey, they got insurance.

I'm somewhat bemused by the attitude towards audits.  At least here, in
Australia, legal firms are audited twice annually and one (if not both)
are random audits where the only notice you get is when they ring the
bell to say they're there.  This probably happens in a lot of other
cases too, it's just the only one I personally know about.  I can't see
why IT security should be any different.  Maybe there's a call for more
regular audits - who knows ?

I'd expect that if you did fail an audit that your certification would
(at least) immediately lapse and so possibly void your insurance.

I'd imagine that would be somewhat embarrassing too.

Darren


