A couple of big insurance outfits have made deals with Apple and Cisco
to charge lower cybersecurity premiums to customers buying their gear
I’m in favour (up to a point) of charging according to assessed risk,
but basing it on specific brand names leaves them open to accusations of
conflict of interest. Better it be done according to adherence to
published nonproprietary standards, such as PCI-DSS, for example.
Show replies by date