Cybersecurity Insurance Succeed where Regulations Fail?

Interesting article about Richard A. Clarke view on cybersecurity insurance. There are a few key points that he makes that are worth pondering. I added some of my thoughts to it. There is a forum section of the vo if you like engage on the topic.

1. Know how much you are spending on cybersecurity.-- ( Sure, it's easy to say security is expensive. Companies should be spending 8-12% of IT budget on security. My questions is how do you decide what is security and what is not. If I buy a new computer with windows 10 replacing a windows XP computer. Is that security. Obviously not all of it, but I am getting better security out of it.)

2. We need better certifications for the cyber workforce. -- (Hard to do. And the human behavior aspect is not just in the cyber workforce, we all have a role in it.)

3. & 4 you can read in the article.

5. Create an institute to study the problem.

Article: https://www.insurancejournal.com/magazines/features/2017/11/06/469993.htm