Small-town street scene in Illinois American flag flapping in breeze by huge painted American flag fading from brick wall

Episode #53 - Cyber Insurance - Can I Be Protected?

Cyber insurance is a critical part of any risk management program and something that every company must have. Finding the right policy with the proper coverage can be tricky and the major insurance companies are not always the best fit. This week the guys talk with cyber insurance expert, Tony Robbins, about the fundamentals you must know to properly protect your organization. They cover how to identify a good insurer, what questions to ask when getting your policy, and how cyber insurance must correspond with your incident response plan. 

Contact Tony Robbins at

Pick up your copy of Cyber Rants on Amazon.
Looking to take your Cyber Security to the next level? Visit us at
Be sure to rate the podcast, leave us a review, and subscribe!

Mike's Headlines


The U.S. CISA added 13 new vulnerabilities to the Known Exploited Vulnerabilities Catalog, including Apache Log4Shell Log4j and Fortinet FortiOS issues.

Western Digital Sandisk Secureaccess Flaws Allow Brute Force and Dictionary Attacks

Google Fixed the 17th Zero-Day in Chrome since the Start of the Year

Hackers Steal Microsoft Exchange Credentials Using IIS Module

Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware

New Fileless Malware Uses Windows Registry as Storage to Evade Detection
Log4j Flaw: Now State-Backed Hackers Are Using Bugs as Part of Attacks, Warns Microsoft

Log4j Flaw: Attackers Are Making Thousands of Attempts to Exploit This Severe Vulnerability

Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware

Two Linux Botnets Already Exploit log4shell Flaw in Log4j

Log4j: Getting Ready for the Long Haul (CVE-2021-44228)

Volatile and Adaptable: Tracking the Movements of Modern Ransomware
Log4j & The Maryland Health Agency Attack



  • welcome to the cyber rants podcast where we're all about sharing the forbidden secrets and slightly embellished truths
    about corporate cyber security programs we're ranting we're raving and we're
    telling you the stuff that nobody talks about on their fancy website and trade show giveaways all to protect you from
    cyber criminals and now here's your hosts mike rotondo zack fuller and lauro
    chavez hello and welcome to the cyber ants podcast this is your co-host zach fuller
    joined by mike rotondo and laura chavez and today we have a special guest tony robbins who's talking about something
    that's absolutely critical for organizations to have but before we dive into that mike why don't you kick us off
    with the news all right so here's the news for the 17th of december or whenever you happen to be listening
    to this a cryptocurrency company loses estimated 77 million in cyber attack one of the world's largest cryptocurrency
    companies ascendix was hit by a cyber attack that resulted in an estimated 77 million that was stored in the company's
    hot wallets the company has promised to reimburse hot wallet owners for virtual currency stolen from their accounts this
    isn't good but this is also the second large-scale attack of cryptocurrency exchange company on december 5th 2021 a
    different company experienced a theft of 196 million in crypto exchange tokens so if you're
    big into crypto uh be careful yeah just to add to that use a hardware wallet you know leveraging the the
    currency exchanges software e-wallet that they they'll provide you on the site super risky and this is exactly
    what will happen if they make a mistake on the back end you'll lose all your stuff i'm sure you've all heard about the apache issues but this is critical
    the us cisa added 13 new vulnerabilities to the known exploited vulnerabilities catalog including apache log4shell log4j and
    fortnite florida os issues the cve 2021-44228
    flaw made the headlines last week after chinese security researcher p0rz9 publicly disclosed a proof of
    concept exploit for the critical remote code execution zero day vulnerability aka log4shell that affects
    apache log4j java based logging library the impact of this issue is devastating thousands of organizations worldwide are
    potentially exposed to attacks and security experts are already reported exploitation attempts in the wild cisa
    also warns a recent disclosed arbitrary file download vulnerability in florida os track to cbe
    2021 44168 this is actively exploited uh one of the researchers said log four
    shell will continue to harness for years to come so that's you know good news merry christmas dealing with log four
    shell will be a marathon treaty and there are a bunch of additional headlines that i have posted i just i'm
    not talking about all of them during the news section so definitely check out the uh
    the podcast site for there's a there's a lot of information and one of them is that there's actually this is a state
    actor obviously probably the chinese are behind us um western digital sandisk secure access
    flaws allow brute force attacks and dictionary attacks the the sandisk secure access software now rebranded to
    sandisk private access allows storing and protecting critical and sensitive files on sandisk usb file drives
    uh the access to the user's private valve is protected by a personal password and all these files are automatically encrypted according to the
    vendor secure access version 3.2 was using a one-way crypto hash with a predictable
    salt uh this means the software is vulnerable to dictionary attacks so um be careful
    with that check it out if you're using that see if you can get an upgrade get it fixed this is an exciting thing
    google fixed the 17th zero day in chrome since the start of the year uh google released security updates to address
    five vulnerabilities in the chrome web browser including a high severity zero day flaw tracked to cve 2021
    41 which is being exploited in the wild the cve 2021-4102 flaws is a used after free
    issue in the v8 javascript and webassembly engine i recommend you update that as quickly as possible
    next three about our favorite topic well my favorite topic not lauro's microsoft
    [Music] [Laughter] hackers steal microsoft exchange credentials using iis module thread
    actors are installing malicious ios web server module known as oh whoa that's o-w-o-w-a
    on microsoft exchange outlook web access servers to steal credentials and execute commands on the server remotely
    is modules are not a common format for back doors especially when compared to typical web application threats like web
    shelves and therefore can be easily missed during standard file monitoring efforts so right now this is big
    happening big in southeast asia but we're also seeing signs in europe and by now i'm sure like omicron it's in the us
    microsoft issues windows update to patch zero day used to spread emote malware
    microsoft has rolled out patch tuesday updates to address multiple security vulnerabilities in windows big surprise
    and other software including one actively exploited flaw that's being used to deliver emma trick bot or basil
    loader malware payloads uh the most critical of the lot is cbe 2021-43
    890. so patch and what will they think of next files new
    fileless malware uses windows registry as storage to evade detection a new javascript based remote
    rat propagated by a social engineering campaign has been observed employees sneaky
    employing sneaky files techniques as part of the detection of asian methods to elude discovery and analysis the rat
    utilizes novel methods for file as persistence on system activity and dynamic runtime capabilities like self
    updating and recompilation recompilation represents an evolution in fl and
    fileless malware techniques as it uses the registry for nearly all temporary and permanent storage and therefore
    never writes anything disk allowing it to operate beneath or around the detection threshold of most security
    tools yeah if you wanted to hide something forever and never like if i wanted to hide some place that i knew
    nobody would ever find me it would be in the windows registry hd local machine find me yeah i remember back in the old
    days when we used to have to hack the registry to make things work now we don't go anywhere near unless we have to
    yeah it's administrative privileges to all those are the big headlines like i said we have a bunch of log 4j headlines
    that we have listed on the podcast website there's probably seven or eight of them there's additional things that are very very much concerned
    concerning so if you got apache make sure you're patching uh laura what do you get well just a couple on to what you were
    talking about um really i think it's it's still kind of important for us to be talking about the log for shell uh
    java based vulnerability so if you're one of our clients you would have gotten our email last week we did talk about this last friday on the podcast you
    can't say we didn't warn you that log4j was out i listed that on exploits however ask yourself a simple question
    do you have an application running job if the answer is yes you need to go check it for the log for shell exploit there's a lot
    of new capabilities even information disclosure so a lot of times if if
    you've patched there's still some information disclosure that can be gleaned just from the severity of this this flaw
    in in java architecture right so um remember if you're running java check yourself
    all right well we got a guest today so i don't want to talk about the untalked aboutables we have enough of that we're
    not going to do the evil tag team of uh wordpress and microsoft today no and you know i'm starting to want to
    add google to that stupid list too because it's like they're like on they're like in the hot seat to become the next microsoft you know i mean with
    the level of crap that's coming out of chrome these days you can't even hardly use a browser in good faith exactly
    they used to be secure now they're turning into internet explorer activex oh which reminds me there was throwback
    hack that was that was posted to the exploit db today that i want to give a cool old-school shout out it was for
    activex uh authentication bypass that worked in the old internet explorer pretty funny to see something like that
    posting out there today it wouldn't shock me considering we just heard somebody who's still running windows 2000 right right
    exactly yeah if you run windows 2000 you get what you deserve
    well i have some unfortunate news for our listeners
    this is our last episode of the year of 2021. no the good news is we're going to
    start again in january oh so don't worry but you're gonna miss us for two weeks
    uh but that's all right we're gonna come back better stronger reality is we have
    holidays and uh lots of business stuff too we have a business for those people
    that don't know but um yeah so we're a lot of year-end stuff holidays we're taking a break for two
    weeks uh and then coming back with new topics new adventures on the cyber ants
    podcast in 2022 and it's gonna be a good year i can feel it i can feel it for
    today though we are we're wrapping up the year with a special guest and uh we're going to talk about something that
    is very much needed and very critical for organizations to have believe it or not
    some still don't and that is cyber insurance and we're gonna learn everything we never thought we
    needed to know about cyber insurance so that we can equip ourselves equip our listeners uh with power to make better
    decisions make sure they have a good representation of the insurance side to get them the right policies so if and
    when something happens they are covered so we're going to dive into that we will take a quick break and be right back want even more cyber rants
    be sure to subscribe to the cyber rants podcast get your copy of our best-selling book cyber rants on amazon
    today this podcast is brought to you by silent sector the firm dedicated to
    building world-class cyber security programs for mid-market and emerging companies across the us silent sector
    also provides industry-leading penetration tests and cyber risk assessments visit and
    contact us today and we're back so we have special guest today tony
    robbins joining us to uh he's an expert in cyber insurance and involved in that
    field and is going to share some insight with us so tony i want to thank you first of all for joining us on the show
    today thanks guys i appreciate being here thank you very much it's a it's a pleasure to have you and
    um would you mind uh kicking us off with kind of your journey in the insurance
    world and just kind of a brief overview of how how you got into cyber insurance why is it so important well uh i'm a
    insurance broker i've been in this business for about 11 years now uh up until a few years ago you know
    cyber security wasn't even on my radar i was primarily you know i'm still primarily a life insurance agent that's
    my uh bread and butter uh but a few about a year year and a half ago i started seeing the trends um
    people being hit the ransomware uh started hearing a lot of uh chatter from
    clients and potential clients about you know not knowing where to turn not knowing what to do uh in case something like
    that was a hit them uh not being aware in a lot of ways of how
    devastating a cyber attack could be i started doing some research
    found some solid companies to represent and uh you know i'm still i'm similar learning
    phases so much this is a very vast and deep um area of business
    so i'm learning something new every day but understanding you know how um
    companies can you know really be devastated by this especially the mom-and-pop places they really don't
    have any idea because they're just not you know in that loop so to speak
    to understand how devastating something like this could be to their their business and their employees so
    i took it upon myself to try to learn as much as i can so far about this business and to provide a service for them to make sure that they are
    in a situation where they're not you know losing everything to a you know a malicious attack
    and and you work with a lot of small and medium-sized businesses out there and i think you're exactly right they're
    they're not in the loop they don't really understand what is truly at risk it's kind of out
    of sight out of mind almost so the insurance is a is a great way um granted a preventative or it's not
    not a preventative measure right by the time you you have to use insurance um you're in an unfortunate situation but
    it's so critical to to have that is there a certain scepter that you see that's underserved or a certain sector
    of business that you see is um just just really maybe under insured and
    underprotected you know it's across the board uh there's no there's not one area
    of business that is not vulnerable to an attack and um i tell you you know something as
    simple as restaurants and bars they really have no idea you know how
    they could be because they you know they do a lot of cash transactions they don't think that
    people are sitting having a good time are tracking how their business is run and they don't understand how easily
    they could be you know uh hit but again it's across the board every
    business is vulnerable uh i don't care if you're you know you have a dog seeking service or you you know
    upcoming you know multi-million dollar company if you don't have something in place to
    mitigate the risks that uh an attack could you know wrought on your business then you know
    you're sitting duck you know so uh i i tell everybody i meet
    that no matter what business you're in you too are vulnerable so
    yeah i mean if you ever put it this way if you have a computer if you use the computer or a smartphone you're
    vulnerable and that's pretty much everybody absolutely big big it's unfortunate
    problem but i think one here that's here to stay and so it's important i think cyber insurance is just a fact of doing
    business just um just like in your general liability policies or anything else um exactly that's something that's
    required it it blows me away because we ask uh companies when we're doing our
    scoping discussions and putting together um plans and statements of work and such we we ask you know are you do you have
    cyber insurance and um every once in a while a lot do but every once in a while we hear no we don't we don't have that
    and that's that's a real problem um and and there's a lot of reasons for that we may get into that when it comes to
    incident response and such but for now let's talk about let's talk about for those people out there that
    maybe they have insurance but maybe they don't really understand it or are worried about being underinsured um
    are there are there key differences that you look for in policies and kind of key um
    points that you need to make sure are included for for adequate protection
    yeah um the thing i run into a lot excuse me is that you know most people
    say well i have an addendum to my my general business plan my commercial policy well a lot of times those um
    addendums do not cover ransomware does your policy have a plan in place
    to help find out where the breach occurred does your plan have a policy in place
    to keep your business up and running uh after the breach does your plan have
    a a policy in place to make your customers who are who may be violated by by that
    breach whole so there's a number of different factors that you need to look to you
    know look at when choosing a uh policy but again there's so many different ways
    to be attacked you have to make sure that the company you're dealing with is upgrading their knowledge of the
    of that realm to make sure that they're staying on top of every
    way that you can be victimized and unfortunately a lot of the larger insurance companies add
    policies you know add an addendum to their general business or commercial policy they're just not up on things
    like that so that's that's a great point it seems to me with my limited knowledge of cyber
    insurance but it seems to me like i hear a lot about exclusions and things that the
    that the policies won't cover that people people aren't anticipating so that's
    good to know that ransomware is a big one one of those exclusions are there
    are there struggles with with are you seeing in the small mid-size business market uh struggles with getting
    policies issued just because there's a lack of fundamentals i mean our secu are the
    insurers getting more strict on who they issue policies or uh to or how they provide coverage i
    will say that pretty much any business out there that is find themselves in a vulnerable
    position is eligible there's no companies that you know i haven't run
    across with the companies i represent where they're turning down anyone simply because of the nature of their business
    um you know they may not have enough income coming in or they're not big enough or they're
    not in the right area that makes them feel comfortable now that may be the case with some of your larger insurance
    companies yeah i know and i'm hoping i'm covering your question adequately but um
    some of your larger insurance companies may have stipulations where they won't cover this business of that business but i pretty much work with standalone um
    cyber security companies and they have a broader base of uh businesses that they'll work with
    dude tony do they ask any are there any kind of due diligence questions or um any like audit of the client prior to
    issuing a policy so that they can you know help with underwriting or is it just basically you know hey i've got a
    business this is what i've got and then we're going to write a policy for it or or do the insurance companies that you represent actually
    ask questions you know they'll ask a few here and there but for pretty pretty much for the most part we do a basic summary check of
    your income we check to see how many employees you have because obviously that you know we
    want to make sure that you know that that adds to the risk um you know the more people who are in
    your system the more you know gateways to an exposure happening uh so
    yeah there are a few questions here but you know nothing over the top you know we pretty much for the two companies i
    represent uh we pretty much covered just about anybody there's no real huge exclusions
    uh that would preclude um just about any business and again i say just about because i haven't
    run across any any business that we couldn't cover so you know
    it's just like you know you go to you know get an insurance but now i will
    if you have had claims before that will you know in your current
    policy or previous policy that will add to some scrutiny and may preclude you
    from getting coverage but again this coverage is still so new
    i have not run across many companies if any of i can remember that have been
    turned down because of prior um loss claims that's that's good to know i
    think because especially in this for small to medium-sized businesses that this is um that good policies are
    accessible i think you know larger enterprise i think they're under more scrutiny and
    big questionnaires and all that for big policies but it's nice that the industry has made it accessible for the
    um for the businesses that really really need it that just don't have uh
    a clue in a lot of cases of the the all the various risk factors out there so
    um are there certain policies that you're seeing that you would you would recommend clients
    over others out there on the market in other words are there i mean i'm sure they're not all created equal right
    they're probably some that are a lot better than others for small mid-sized businesses would you would you be able
    to share those i know you you probably can't share the names of the companies for regulatory issues but are there traits
    that you look for in a policy that um a small business or medium-sized business
    should have yeah you definitely want to um have a comp deal with a company who has a plan
    in place to walk you through um the process of getting yourself back
    home and unfortunately like i said a lot of your larger policies a lot of your addendums or endorsements to a general
    policy do not do that and that's why i'm a big proponent of standalone policies these policies have
    a whole process set up to walk you through the initial claims process
    uh to do the research necessary to you know find out where the hole is or multiple
    holes are uh and then to you know even down to your third-party vendors who may
    have you know done something um on their part to allow this
    transgression to take place so again not that i'm bashing uh addendums
    or endorsements to other companies but i just truly believe that if you're gonna go this route you need to go with a
    standalone company that has a whole uh process that can show you that on paper
    of how they would um walk you through the whole you know i got this happened
    uh x my dollars were taken uh my my system has been locked up i
    can't access my system as a brick right now i'm losing business um
    there are so many different ways that a smaller medium size company can be devastated and you
    want to make sure that the company your your uh your insurance cyber insurance company has a way to deal with all of
    that um you know one of the companies i represent and that's the in their primary my they're
    my primary company simply because they offer so much to the uh client if you're small to
    medium-sized you can't afford iot department you can't afford to um in your budget to have a winning team like
    you guys on hand to you know make sure their vulnerabilities are you know taken care
    of this particular company can offer that at a little bit more of a price point
    uh then you know a little bit higher of a price point without breaking the bank i have another
    one over here that's a little bit more cost effective for a smaller company with smaller revenue but that does not
    mean that their services are any less uh as dynamic as the other company you know and you know so
    you want to make sure that everything is in place you want to walk through that policy to make sure that
    everything every aspect of your needs are met in case of a breach uh because
    you really have no idea of the amount of damage
    ransomware or a somebody breaking your system can can cause you you know you can't get invoices in you can't you
    can't you have no money coming in you can't conduct business employees can't do this you have
    uh that information that's missing so i mean it goes on it well you guys
    know it goes on and on and on and on yeah we've we've certainly done some forensic investigations for ransomware
    attacks and you know even even assisted in mitigation it's it's quite a nightmare
    and um you know you're right tony a lot of a lot of smaller businesses they don't you know they don't consider that
    you know your data gets locked up and your your system is now locked up where did you put that password to log into your your
    bank app so you can pay your employees or your square or anything else right i mean you have to remember that if you've
    got one-time pin codes all on the same computer or all on the same device and your device gets locked how you gonna
    get those one-time codes back did you print out backup codes right so there's a lot of things that that these small
    organizations aren't considering for for worst case scenario and um you're right it's it's the most important thing is is
    who's you can't call geek squad right not not bashing those guys but they're just
    you know and uncle chico is not going to come he may know computers but he's not going to come walking back from a
    ransomware attack right i mean it's just it's not going to happen you know the the you know your your sister's grandson
    or whatever the case may be it's it's going to be devastating and you're going to be rebuilding from scratch unless you have a professional
    team to be able to help you walk back and do the forensic discovery on what happened help you fix that from happening again
    and then also hopefully help you rebuild your systems negotiate ransoms that whole bit right
    and that's that's part of those those insurance policies right tony where they'll they'll come in and
    they'll negotiate ransoms or they'll they'll help with that and um as well as do the forensic analysis and help you
    rebuild and get back to you know some form of a normal a normal operating environment
    that's exactly the part you there you just mentioned about the negotiation i mean they have no i mean these
    threat actors the same way a burglar will watch from the street how you and your family move
    in order to figure out how to hit you these threat actors do the same thing to businesses and
    they don't understand that yet the the negotiation process of getting this taken care of so you can
    get your information back and get your company up up and going they you know
    they just don't get how devastating this can be and the total cost of a business
    interruption it's just there's so many things and trying to convey that to a you know a business owner you know guy
    who's been in business 30 40 years long before things like this took place it's it's it's an uphill battle until
    you have to have the data to show them you know so yeah threat actors or threat actors are clever too right they'll um
    you know they'll encrypt your data but they'll use a separate key for every file so even if you pay them you're left
    trying to figure out what key goes to what file and you've got 10
    i million the last stat i saw was it cost five times as much to restore business as to
    prevent a hack and uh wow can be devastating so
    yeah i believe it and i've been looking at well some of the financial data we have from
    various clients and such that that where we translate cyber risk into financial
    metrics some of those have been upwards of ten times what they would pay on on services
    um so it's pretty outrageous and and one of the things too we always advise people
    is that you know you have to have cyber insurance place for that for the resources in the event of a
    breach um right like what you what you just mentioned tony i like that that description that illustration of them
    walking you through the process start to finish and what happens if then being able to answer to those different
    scenarios i think that's critically important because for one and i think i think laura mentioned the forensics and incident
    response well your cyber insurer is going to have pre-approved vendors for
    that type of thing right so you don't have to go out looking for it they're going to have people that they cover that they already have relationships
    with and i think that's a a critical asset uh to have so um i i like that description tony of
    basically making making sure that they're showing you the ins and outs of of what happens in various scenarios
    rather than just saying here's your policy good luck and i think that's
    critical how much does and you mentioned you mentioned a couple different
    providers and such i mean i'm sure you see a lot of different stuff in the insurance world but how much does price
    correlate to quality is it is it more about really going out and seeking the right
    provider or is it is it as simple as the more you pay the the better your coverage
    well uh that is that last part you just said is true 280 degree i mean if you
    get the basic package obviously you're going to get basic services but the more you do pay within um that
    realm yes it covers more items now as far as companies are concerned you know
    you can have a very high-end well-established company who may charge
    you a lot more but do they actually provide their services in order to make sure that everything is
    in place in case of a breach you know again if this company
    is doing more than just cyber security that's highly unlikely
    and again i'm not bashing the big companies that have added who have over the last few years added this
    uh for their customers i'm just an advocate of the standalone companies who are built to do nothing
    but this uh and that will and the pricing there is very competitive
    uh you're not going to with those companies you're not going to have to spend a whole lot more in order to get
    adequate service uh you can you know if you're a smaller medium-sized company and do not have a lot of a big budget
    for you know adding something like this to your bottom line it's not going to break the bank and you'll still get the peace of mind to
    know that you know if a breach takes place um things will be taken care of and you
    can still afford to pay your employees you can still afford to um service your
    clientele so um [Music] yes price is not the price is not as
    exclusive to the larger companies could afford it do the
    possibilities of income loss of revenue or is it you know you're kind of on your own for
    that no loss of income is covered you will have a plan in place
    in order to make sure that um your business is able to get its bills
    paid keep the lights on um there is a component to that just like you know if you were to get into a
    car accident you need your you know your bill your medical bills need to be paid you you know there are certain
    aspects of that policy that are more more broader than um others and again
    you're going from basic to intermediate to you know uh the more elaborate polit parts of the policy uh
    depending on where you're able to pay but for the most part all of our policies all the
    both the companies i represent in all their policies do have some a plan in place to keep your lights on and keep
    everything going and to make sure your employees get paid and um you know to help keep you afloat so that's all i
    have a question for you tony and i think mike kind of started talking kind of toward this earlier
    is is it is it safe to assume that cyber insurance companies in the future
    will begin to maybe up their standards for taking or for writing policies based on
    the the preconditions of the you know of the organization as an example right getting health insurance with
    pre-defined conditions is tough right and they're asking me right do you smoke do you do this or whatever the case may
    be it seems that because ransomware and cyber attacks are not going down right
    everything is increasing and with you know everybody kind of just wielding technology at a whim we can you know
    safely assume it's going to continue to increase so do you feel that the insurance companies will will maybe start
    requiring you to have certain things in place like you know maybe asking companies for a
    security questionnaire that you know kind of covers what base i.t security they have today like they've removed
    administrative privileges from everybody that's that's working they're all the employee workstations do they have some form of antivirus working if they align
    to some form of security framework do you um and so i guess do you feel like they'll kind of move that way to try to
    cover the risk that they're they're greatly assuming by like blanketly just
    covering somebody in a policy that's probably gonna mess up you know what it's inevitable now the
    companies i represent they are they do have plans in place uh the one company which is a much larger company they will
    do an assessment of your business uh they will give you recommendations to implement but if you
    do not implement them at this time they will still cover you now as the as
    you mentioned before as these attacks increase you're going to have to have
    situations where these insurance companies are going to have to you know keep their costs down you know uh you're
    going to have to implement certain things just like if you you know if you drive a car if you have had prior duis
    you may have to pay more if you have prior accidents you're going to have to pay more
    if you are not adhering to basic uh protocols in order to protect
    yourself then you know and if it's an ongoing problem then you may get dropped um is
    this going on now with my particular companies no uh they are as you said they are
    allowing just about anybody to get a policy but in the future
    as we go more and more online it's inevitable that that will happen it just does it just makes sense
    you know yeah yeah it's like i can teach one squirrel to drive the car but that doesn't mean we should just blankly insure all squirrels to drive exactly
    exactly because
    for once in your life [Laughter] they're very talented creatures as well
    well thank you so much tony you know that's that's i think that's great advice you know looking for a lot of
    great things but really look looking for those companies that are specialists in cyber security um
    that's that's outstanding and not something i would have necessarily thought of i would have thought of just going to
    the major insurer that kind of does everything but i think there's a lot to be said for specialization especially in
    the world of cyber security and there's a lot of knowledge to be had so um it's great to hear that these companies are
    upping their game when it comes to the actual support as well as the the
    the coverage in terms of dollars so so that's outstanding any any final
    words of words of wisdom um tony or anybody for that matter
    any pitfalls people need to be concerned about or anything you'd leave leave the listeners with
    well first i want to say you know thank you guys for having me on here um you know we like to think of ourselves
    in the cyber insurance business as you know in partnership with guys who do what you do you know um we want to make
    sure that our clients understand that um you know working with us is great but the same
    way you have you know a great mechanic or for your car you have a great contractor for your home
    you know you have insurance for your home but you also have professionals on hand to help make sure
    um things are you know in good working order and you're covered and you know everything your you and your family are
    safe and that's how we view what you guys do so um we just make sure our clients and
    customers and potential customers understand that this is we're going to a world where this will be necessary and it's i mean
    it's necessary now but it will be even more necessary in the future and if you're not prepared for
    what is going to come then you you're doing yourself your family and your business
    people who rely on you a serious disservice you know um you got to have this in place if not then you know
    what are you doing you know yeah i know that's great
    great yeah and i just i just add to that and say that you know check your your cyber insurance policies make sure that
    you know it's not something that was added on and that it covers what you really need in the case of
    something happening yes great point i mean you have to be i mean if you're not prepare for if your insurance policy is
    not prepared for every aspect of what capacity can happen then you need to do some shopping around well you also need
    to look at your instant response policy and make sure that your instant responsibility does not in some way void
    what your insurance policy will cover if you you know if forensics are required for a laptop that gets exploited and you
    turn that laptop off and wipe it before the insurance company gets to it that causes a problem so you make sure
    you actually read your policy and see what's required and then exactly response documents around that and you
    process around them and that's the core of everything the response what your company is willing to do to
    get you whole you know that's the core of it so if there's no proper response policy there
    then you need to start shopping great well well thank you so much tony
    you are i know you're licensed in a handful of states arizona ohio florida
    uh and some others if um people are looking to learn more or maybe take a look at their
    current coverage or purchase coverage for the first time how how should they get a hold of you
    well you can reach me by either by phone 480-516-2234
    or you can reach me by email at robin's insurance group group is spelled grp robin's robb ins insurance group grp great well well thank you so much tony a
    pleasure and a pleasure to have you and it's a critical topic so those people that are aren't aren't 100 sure of their
    coverage i hope you go out there and check it out get that done and get a new
    policy if you need to or upgrade what you have make sure you're working with an expert and somebody who really knows
    what they're doing in this in this space so thank you everyone for listening uh the articles and tony's information will be
    on the podcast website and be sure to subscribe through your favorite podcast
    platform whichever one that may be rate the podcast and reach out to us if you have any requests for topics in the
    future anything like that we'd love to hear from you thank you so much i hope everybody has a merry christmas happy
    holidays happy new year and we will see you again in january
    have a good time people be careful out there pick up your copy of the cyber ants book
    on amazon today and if you're looking to take your cyber security program to the next level visit
    us online at join us next time for another edition of
    the cyber rants podcast [Music]