When it comes to this article about an insurance firm not paying out the complete amount, I'm a bit torn about the whole thing. On the one hand, the insurance company didn't pay out the full amount of damages incurred by the breach, so what was the point of paying all of that money and actually having it? On the other hand, does this action by insurance companies perhaps encourage organisations not to slack off on their security priorities and use a settlement as a fallback WHEN things go wrong?

Insurance Pays Out a Sliver of Norsk Hydro’s Cyberattack Damages

Ultimately, with the abundance of variations of the nonsense phrase "we take data privacy and security seriously", it is likely that harsher penalties might be required to get companies to actually care about user data and protect it accordingly. Publicly accessible Windows servers with permitted Remote Desktop connections, along with open databases without authentication, are far too common, and clearly more needs to be done.

There has been talk of company directors facing actual jail time, which could boost spending in cyber security, and likely lead to fewer breaches (being announced). It could also, unfortunately, lead to more companies covering up any breaches and not disclosing them, which definitely wouldn't benefit any users who have had their data stolen. At the moment, no answer seems to be the magic bullet that we are looking for.

Elizabeth Warren Wants Jail Time for CEOs in Equifax-Style Breaches

Proposed Data Privacy Law Could Send Company Execs to Prison for 20 Years

It goes to show that we are still very early in our security journey, so in the meantime let's educate ourselves and those around us so that we can all stay ahead of the game and keep ourselves safe.

Take care and all the best. Si.