[gamedori5]

So what does this mean for company cybersecurity? Will companies be motivated to secure their networks by higher insurance rates? Will insurers hire infosec auditors? Will insurers stop offering coverage, and leave companies to consider hacks as Black Swan events?

[RandomTisk]

They would be very wise to hire their own auditors, not necessarily to go into their client's businesses but to review the assessments most of them are already getting periodically, to make sure that evidence presented actually made sense and earned them a pass. It's been my experience that IT auditors are often book smart, but IT-experience poor. Some are simply not savvy or experienced enough to interpret their own framework the same way a week or a month later.

[throwaway28488]

Don't know but news like this makes me happy I switched from a senior in embedded firmware to a junior in cybersecurity. The future looks good.