The wild and wacky world of cyber insurance (+podcast)

If you have ever tried to obtain property insurance, you know you have a “project” cut out for you. Figuring out what each insurer’s policies cover — and don’t cover — is a chore. When you finally get to the point where you can compare premiums, many of you just want the pain to end quickly and probably pick a carrier more out of expediency than economy.

Now multiply this by two factors: first, you want to get business insurance, and then you want to get business cyber insurance. If you are a big company, you probably have specialists that can handle these tasks — maybe. The problem is that insurance specialists don’t necessarily understand the inherent cyber risks, and IT folks don’t know how to talk to the insurance pros. And to make matters more complex, the risks are evolving quickly as criminals get better at plying their trade.

My first job was working after college in a key punch department of a large insurance company in NYC. We filled out forms for the keypunch operators to cut the cards that were used to program our mainframe computers. It was strictly a clerical position, and it motivated me to go back and get a graduate degree. I had no idea what the larger context of the company was, or anything really about insurance. I was just writing numbers on a pad of paper.

Years later, I worked in the nascent IT department of another large insurance company in downtown LA. This was back in the mid 1980s. We didn’t know from cyber insurance back then: indeed, we didn’t even have many PCs in the building. At least not when I started: my job was to join an end-user support department that was bringing in PCs by the truckload.

So those days are thankfully behind me, and behind most of us too. Cyber insurance is becoming a bigger market, mainly because companies want to protect themselves against any financial losses that stem from hacking or data leaks. So far, this kind of insurance has been met with mixed success. Here is one recent story about a Virginia bank that was hit with two different attacks. They had cyber insurance, and filed a claim, and ended up in a court battle with their insurer who (surprise!) didn’t want to pay out, claiming some fine print on the policy.

Sadly, that is where things stand for the present day. Cyber insurance is still a very immature market, and there are many insurers who frankly shouldn’t be writing policies because they don’t know what they are doing, what the potential risks are, and how to evaluate their customers. If you live in a neighborhood with a high rate of car thefts, your auto premiums are going to be higher than in a safer neighborhood. But there is no single metric — or even a set of metrics — that can be used to evaluate the cyber risk context.

I talk about these and other issues with two cyber insurance gurus on David Senf’s 40 min. podcast Threat Actions This Week here. I am part of a panel with Greg Markell of Ridge Canada and Visesh Gosrani of Guidewire. If you are struggling with these issues, you might want to give it a listen.

FIR B2B podcast #101: Machine learning comes to marketing

This week we talk about new ways that machine learning and artificial intelligence can benefit marketing organizations. While these three news items are all different aspects of this technology, they show collectively how these new technologies are changing the way marketing is done.

First up is a new smartphone app called Truthify that does advertising context analysis (as shown at right). The app interprets the user’s facial expressions to deliver what it thinks the user’s emotional state is, including fear, anger, or happiness, among other traits. The app comes with a web dashboard so you can analyze your campaigns and the resulting demographics. The app is now available for iOS users and soon for Android.

Second is a new influencer platform called AdHive. It is a combination of influencer marketing and AI-powered campaign management. You can sign up for the tool and influencers are paid to participate, while advertisers can choose the right kinds of people to exploit, er, we mean make use of, their tool.

Finally, Google last week announced four new products using machine learning that are aimed at helping marketers create more effective ads. These include responsive search ads, tools to optimize YouTube traction and local campaign management and smarter shopping. Google claims that advertisers who have tested these services have seen clicks increase by 15 percent.

Marketers who have been loath to adopt new technologies do so at their own peril. These tools are good examples of what the future portends.

You can listen to our 18 min. podcast with my partner Paul Gillin here.

Cyber Security Threat Actions This Week (podcast)

If your organization is not using the MITRE ATT&CK framework yet, it’s time to start. Katie Nickels from MITRE, Travis Farral from Anomali and I join host David Senf from Cyverity to talk about ATT&CK tactics, techniques and tools. You can listen to this 45-minute podcast here. We discuss what ATT&CK is and isn’t, how it can be used to help defenders learn more about how exploits work and how to become better at protecting their enterprises, what some of the third-party tools that leverage ATT&CK are (such as MITRE’s own Caldera, shown here), and what some of the common scenarios are that this framework can be used for.

I did two stories for CSOonline about ATT&CK earlier this year:

 

FIR B2B PODCAST #100: THE MOST MEMORABLE MOMENTS OF OUR DECADES IN TECH JOURNALISM

This week we take a trip down memory lane to discuss the highlights of our 60-some odd collective years of working as B2B journalists in the technology field. There are some great stories, such as meeting Bill Gates (Paul at a press junket, David at an industry conference) and working with Greg Gianforte, now a member of Congress from Montana after making several fortunes starting technology businesses. Being a tech journalist has its risks: Charles Wang, when he was chairman of Computer Associates, campaigned to get Paul fired from Computerworld, but the two later became friends. David’s parody of Miss Manners got him a cease-and-desist letter from the columnist’s lawyers. We both recall what the introduction of the web did for our industry and our world back in 1994, and how quickly the publishing market changed as a result. David recalls with fondness his interaction with Bob Metcalfe, the inventor of Ethernet and now a professor at UT/Austin.

David remembers writing about a skunk works project from IBM to use spreadsheets as a front-end to their mainframe databases, and noted how the sole programmer behind the project, Oleg Vishnepolsky, later said his career was changed by the articles. Paul recalls the “old IBM,” which once mistakenly put out a press release and then disavowed what it said.

We have lots of other memories, and hope you enjoy this episode.

FIR B2B Podcast #99: Why Was Intel’s CEO Really Fired?

The firing of Intel CEO Brian Krzanich last week over a single sexual harassment claim shocked some people because the scope of the crime seemed out of proportion to the punishment. This article by Agility PR makes the case that one harassment claim can do more damage to your brand than a charge of financial fraud. The Register suggests that the reason for Krzanich’s dismissal goes deeper, and if that’s true, it wouldn’t reflect well on Intel. Companies need to navigate these waters with care, making sure they are prepared for a harassment charge, rather than hoping for the best.

What you ask Google influences the results you get. That’s probably not news, but it has interesting implications when you consider the trust people put in search engines to deliver the truth. Francesca Tripodi surveyed two Republican groups in Virginia — a women’s group and a college group — during their 2017 gubernatorial election. Just varying one word in the search box, such as using “NFL ratings up” vs. “NFL ratings down,” proved to deliver two very different result sets. We discuss what marketers can learn from the exercise and how to craft better keyword collections and hashtags for your future campaigns.

You can listen to our podcast here.

FIR B2B podcast #98: WHY DOESN’T MARKETING ATTRACT MORE RECENT GRADS?

Why isn’t marketing attracting more college grads? That’s the topic Paul Gillin and I explore this week, starting with the results of a study commissioned by Marketing Week earlier this year which found that just 3% of undergraduates think marketing offers them the best career opportunities.

The publication held a seminar to try to explore ways to better engage Gen Z, and we have several thoughts on the matter too. Colleges need to have more focused marketing programs, and businesses need to show that a wide range of skills and talents can be put to best use with marketing programs. Certainly there are obstacles, such as CEOs who think they are good marketers when they aren’t, or conflicts between sales and marketing staffs. But with big data becoming an essential part of the marketing discipline, there’s more opportunity for marketing to impact a company’s future than we’ve seen since the dawn of TV advertising.

Listen to our 14 min. podcast here:

FIR B2B PODCAST #97: NOTABLE HITS AND MISSES IN GDPR PITCHES

In my role as a journalist, I’ve been deluged with hundreds of pitches for stories related to GDPR, which went into effect last week. It didn’t help matters that on the first day the UK commissioner’s website was down for a couple of hours, an Austrian privacy advocate hit Facebook and Google with billions of euros in lawsuits and the privacy browser plug-in Ghostery sent out emails about its change in policy, but inadvertently cc’d 500 user names in each batch of email.

In this episode of FIR B2B podcast (19 min.), I discuss the impact of GDPR with my partner Paul Gillin, who has seen his fair share of pitches as well. We discuss some of the best and worst PR pitches we received in the months running up to the launch of the General Data Privacy Regulation, and why a handful stood out.

FIR B2B Podcast #96: Lessons from the demise of Klout

Klout is dead. The news wasn’t a surprise, and the announcement from its current owners at Lithium didn’t leave anyone tearing up. The idea of boiling influence down to a single number always struck us as overly simplistic. And the tools to measure influence are so much more sophisticated now than in Klout’s heyday.

But we should pause and understand why Klout fell into disuse and what marketers can learn about measuring the effectiveness of their social media campaigns. It’s also a good time to look at what other tools are available that are useful, such as LinkedIn Social Selling Index (shown here), which gives your account various scores and then breaks them down into four components that have a little more meaning. You can see how you rank within your industry and within your LinkedIn network. There’s also Twitter Analytics, which tracks changes in your Twitter engagement through five different elements: tweets, tweet impressions, profile visits, mentions, and followers. Again, one number doesn’t really describe the range of influence that a social network provides, and you might want to focus on one or two elements as you measure your own reach.

I reviewed social media marketing tools many years ago and certainly that universe has seen some evolution, but SproutSocial, SimplyMeasured, Looker and Adobe’s Marketing Cloud are all still available and very reasonable measurement tools as you construct your campaigns. And as general purpose business intelligence tools such as Microsoft’s PowerBI and Domo become easier to use, they can be used for this purpose.

We also touch upon another looming deadline this week, with the GDPR regulations coming into full force. My podcasting partner Paul Gillin has written a piece about how executives are turning more positive on its potential and also using the compliance deadline to effect some positive changes in their organizations’ privacy and data protection policies.

You can listen to our latest podcast (15 min.) here.

FIR B2B #94 podcast: Panera Dread

Panera Bread’s reaction to a breach of its customer records is a classic example of what not to do on so many levels that it’s hard to know where to start. Officials lied to reporters about the nature and extent of the breach, treated the security experts that knew what actually happened with disdain, took months to recognize the existence of the breach only after others revealed it to the public, told people that the leak was fixed when it wasn’t and glossed over the real issue: a major IT flaw in its application program interface specs that caused the breach to begin with (as well as another this week at P.F. Chang’s). It didn’t help matters that the chief information security officer at Panera came there from a similar job at Equifax in 2013.

The reaction from Ragan is a good summary of what happened and how the situation was mishandled, and if you want more specifics from the security researcher that first found out about the flaw last August, you can read this post on Medium. That latter link reproduces the email messages that showed how the company ignored the researcher’s notification. Firms need to hold themselves to better accountability, have breach plans in place, and make it easier for security researchers to submit vulnerability disclosures in a non-threatening and simple way.

My 14 min. podcast with Paul Gillin can be played here.

FIR B2B podcast #93: Is privacy finally a thing for B2B marketers?

With the #DeleteFacebook meme taking hold, this could be a turning point for privacy, or certainly is a major moment of reflection about what the role of marketing is in this debate. Marketers have certainly been dazzled by the potential of big data for targeting and personalization. Maybe they need to exercise more caution in the future, or at least respect the need for better privacy controls.

With my partner Paul Gillin, I discuss a few thoughts about the changing nature of privacy and what the revelations of the past week mean for marketers.

Reactions to the Facebook disclosures have been negative. The Internet Society has posted an op/ed saying that “Mark Zuckerberg’s apology is a first step, but it’s not enough.” Certainly, many people and businesses (SpaceX and Tesla are two corporate examples) are deleting their Facebook pages, but do they really understand that this data persists for quite some time? The EFF has this handy guide for individual privacy, and Wired has posted a more comprehensive series of suggestions here. We suspect that some corporate users will also get smarter about how their data is consumed by social platforms of the future. Hopefully, some solid regulation will come of this movement, and a better appreciation of our customers’ privacy too.

On a related note, in perhaps the worst timed news yet, Slack has changed their privacy policy. Now business owners can download entire workspaces, where these conversations are recorded for posterity. We knew that our expectations around workplace privacy were low, but our IM chats too?

There’s also a new academic study on web tracking tools that shows that the threat of misbehaving third-party applications trampling on private data is huge. Thousands of these tracking tools are used by online advertisers, and many are good at evading ad blockers.

The notion of privacy by design has been around for more than a decade; perhaps marketers should take a moment to review some of its precepts.

Listen to our 12 minute podcast here.