Former DHS Official Announces Plan To Sell Cyberattack Insurance
from the build-a-market-with-taxpayer-funds,-collect-upon-'retirement' dept
Our nation's top security guards are all retiring to go into the cybersecurity business. Former NSA chief Keith Alexander is asking (only) $1million/month for his cybersecurity consultations, which apparently include the use of patents he developed completely unrelated to his NSA work in his basement during his spare time.Now, former top DHS official Tom Ridge is getting into the cybersecurity business, albeit one nowhere near as glamorous as Alexander's rockstar-level consulting service. Instead of showing up occasionally to offer his expertise (and collect paychecks) on cyberattack preparedness, Ridge will be performing the most "everyman" of services: selling insurance.
Ridge on Monday announced a new cyber insurance package that he said should make it easier for companies to safeguard their networks and their bottom lines.When selling insurance, the old adage "can one have too much insurance of course not better safe than sorry here is some anecdotal evidence supporting my profitable belief" is doubly true, thanks to government agencies (such as Ridge's former employer) pushing a very fearful and apocalyptic narrative. At any moment, US businesses will be hit by "cyber Pearl Harbor" and former government officials like Ridge and Alexander are perfectly placed to take advantage of their own agencies' previous cyberthreat
“What we have seen is the sophistication of these attacks continue to elevate,” Ridge said at a launch event in London, according to Bloomberg news service. “Who would have thought that JPMorgan, with its security budget, could be hacked into? Now a lot of people are thinking if it could happen to them, it could happen to us too.”
The first Homeland Security secretary’s new company, Ridge Insurance Solutions Company, is teaming up with the insurance giant Lloyd’s of London to sell cyber insurance coverage.
Ridge makes the claim that simply offering insurance will prevent attacks, which is an odd thing to say about a purely defensive product meant to mitigate post-attack financial damage.Ah. But mostly about insurance.
Ridge said the new insurance is designed to help prevent those types of attacks.
In order to obtain insurance, companies will need to make sure their cyber defenses are up to snuff, which in and of itself should make businesses more secure, he predicted.
"This is not just about insurance but helping and incentivizing companies to manage their cyber operations more effectively,” Ridge said in a statement.
Insurance policies of as much as $50 million each are available from today... The company expects to generate $40 million in premiums in the first 18 months.True, insurance isn't nearly as profitable if payouts are constantly being awarded. Hence the demands for up-to-snuffness. But it also helps if you've got a background in overselling the threat, which makes the product and its premiums seem miniscule in comparison to the potential damage. This would explain the press junket bearing headlines like "Ex-Homeland Chief Says Risk of Cyberattacks Elevated."
So, did Ridge join the DHS with the express intent of developing a market for his post-retirement dip into the private sector waters? My tin foil hat isn't that snug, but I'm sure his years of priming the cyberthreat pump factored heavily in his post-retirement job selection.
Here's a statement of Ridge's dating all the way back to 2003, as quoted in a United States Institute of Peace cyberterrorism report. [pdf]
“Terrorists can sit at one computer connected to one network and can create worldwide havoc,” cautioned Tom Ridge, director of the Department of Homeland Security, in a representative observation in April 2003. “[They] don’t necessarily need a bomb or explosives to cripple a sector of the economy or shut down a power grid.” These warnings certainly had a powerful impact on the media, on the public, and on the administration.The Hill points out that some critics are upset the government isn't doing more to protect companies against cyberattacks. I'm guessing Tom Ridge (and Keith Alexander) are no longer members of that group.
For instance, a survey of 725 cities conducted in 2003 by the National League of Cities found that cyberterrorism ranked alongside biological and chemical weapons at the top of a list of city officials’ fears.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cyberattack, dhs, insurance, tom ridge
Reader Comments
Subscribe: RSS
View by: Time | Thread
That sounds about right
I actually completely agree with him here, however somehow I doubt the 'terrorists' he's thinking of, and the 'terrorists' I'm thinking of when I read that are one and the same.
[ link to this | view in chronology ]
Re: That sounds about right
[ link to this | view in chronology ]
This is actually scary
Once that happens, the next bailout will come with strings attached. In an effort to lower insurance risks, the feds will insist on more monitoring and sharing of internet data.
[ link to this | view in chronology ]
Re: This is actually scary
[ link to this | view in chronology ]
[ link to this | view in chronology ]
1984
re: United States Institute of "Peace"
We shouldn't forget that the United States Institute of "Peace" had the the notorious racist and warmonger Daniel Pipes on its board. In true "1984" style, these organizations typically name themselves the opposite of what they actually are.
[ link to this | view in chronology ]
And cyberattacks will happen.
[ link to this | view in chronology ]
I think you miss the actual business model
It particularly helps if you've got a background in being the threat.
It's the way the Mafia sells insurance.
[ link to this | view in chronology ]
The next big thing will be forfeiture insurance , Pulled over by thieving Law Enforcement protect your cash and property with one of our comprehensive insurance policies.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
I can't believe I've become this cynical.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
The worst threat to cybersecurity is the companies themselves.
How about we actually start punishing those companies with large amounts of public information and that has well known security holes before information is leached. Fines so relatively large that it won't be financially sound to pay up after the fact instead of keeping security up to date.
No those who needs insurance are the people who can find their personal information for sale to the lamest bidder.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Is this any worse than Michael Chertoff's revolving door turnaround? As DHS secretary, he was a strong advocate for those naked body scanning machines that every airport is required to have. Then as a private citizen, he was on the companys payroll.
But honestly, is there anyone in government that does not cash in when they leave office? Like it or not, it's become as American as baseball and apple pie.
[ link to this | view in chronology ]
Re:
"Like it or not, it's become as American as baseball and apple pie."
Yes, it's common. So what? That in no way means it's acceptable or that we have to be OK with it. I, for one, can never be OK with corruption.
[ link to this | view in chronology ]
Re:
everyone of his peers doing It ,still doesn't make it right.
I've lost the ability to hold my head up high as a Proud American.
[ link to this | view in chronology ]
The other problem
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I wonder what they're going to call themselves...
RISC - LoL
[ link to this | view in chronology ]
Retirement plan for successful thieves
Extrapolation:
The NSA is not at all worried about its retiring employees aiding the American Business Community in keeping secrets from the NSA, because the tech that these employees bring to the table is years old and obsolete and has been replaced with stuff that can't be stopped by the methods that these ex-employees can provide.
But, because the American Business Community does not know this, its a great retirement fund for old spies to dip into, to help pay for that castle in Spain, the 120 foot yacht and that nasty nose-killing habit they picked up during stake-outs and stalking bouts.
---
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Thanks. Can't remember the last time I heard that. :)
[ link to this | view in chronology ]
Since it is most likely true, why not capitalize on it. Fear mongering is an important tool in a capitalist society.
[ link to this | view in chronology ]