<p dir="ltr">Isn't the skin in the game from insurers to ensure that they can find as many ways as possible to disqualify the policy, rather than actually secure the insured?</p>
<p dir="ltr">After all, the article shows that the Cyberbreach insurance Target had was "useless", in as much as the claims were disqualified because of actions of the insured. This is exactly what we saw of DigiNotar as well - the insurance claim was denied because of actions of DigiNotar.</p>
<p dir="ltr">Indeed, in the history of events that have done the most to undermine the faith in the CA ecosystem, they have been systemic issues that any insurance agency - especially when looking at large scale liability as proposed by 141 - would seek to use to disqualify the policy and reject the claim.</p>
<div class="gmail_quote">On Dec 18, 2014 3:36 PM, "Phillip Hallam-Baker" <<a href="mailto:philliph@comodo.com">philliph@comodo.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">I don’t particularly mind what type of insurance it is, provided that it means that the activities of the CA are going to be overseen by some party who would have skin in the game in the case of a breach.<div><br></div><div>Audits are fine but the auditors don’t have skin in the game. <br><div><br></div><div><br><div><div>On Dec 18, 2014, at 6:24 PM, Dean Coclin <<a href="mailto:Dean_Coclin@symantec.com" target="_blank">Dean_Coclin@symantec.com</a>> wrote:</div><br><blockquote type="cite"><div lang="EN-US" link="blue" vlink="purple" style="font-family:Helvetica;font-size:18px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Thanks Ben. I’m assuming you are posting this with regards to the recent insurance debate. Although I was initially opposed to dropping the EV Insurance requirement, my thinking has changed as others have posted facts about the type of insurance that the EVGL require and appropriateness to its intended use. Symantec’s current position would be in favor of ballot 142 (Gerv’s elimination ballot). The article you linked to below seems to favor a different type of insurance than what we currently require. Are you thinking of proposing a change to the insurance type (i.e. Cyberbreach/cyberliability insurance)?<u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Dean<u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span></div><div><div style="border-style:solid none none;border-top-color:rgb(181,196,223);border-top-width:1pt;padding:3pt 0in 0in"><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><b><span style="font-size:10pt;font-family:Tahoma,sans-serif">From:</span></b><span style="font-size:10pt;font-family:Tahoma,sans-serif"><span> </span><a href="mailto:public-bounces@cabforum.org" target="_blank">public-bounces@cabforum.org</a> [<a href="mailto:public-bounces@cabforum.org" target="_blank">mailto:public-bounces@cabforum.org</a>]<span> </span><b>On Behalf Of<span> </span></b>Ben Wilson<br><b>Sent:</b><span> </span>Thursday, December 18, 2014 10:42 AM<br><b>To:</b><span> </span>CABFPub<br><b>Subject:</b><span> </span>[cabfpub] Breach Insurance<u></u><u></u></span></div></div></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><u></u> <u></u></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Arial,sans-serif">Received this in my email today:<u></u><u></u></span></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Arial,sans-serif"> </span></div><div style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Arial,sans-serif"><a href="http://www.usatoday.com/story/tech/2014/12/09/security-data-breach-insurance-target/20011477/" style="color:purple;text-decoration:underline" target="_blank"><span style="color:windowtext">http://www.usatoday.com/story/tech/2014/12/09/security-data-breach-insurance-target/20011477/</span></a><u></u><u></u></span></div><p style="margin-right:0in;margin-left:0in;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-family:Arial,sans-serif">Cheers,<u></u><u></u></span></p><p style="margin-right:0in;margin-left:0in;font-size:12pt;font-family:'Times New Roman',serif"><span style="font-size:11pt;font-family:Arial,sans-serif">Ben<u></u><u></u></span></p></div>_______________________________________________<br>Public mailing list<br><a href="mailto:Public@cabforum.org" target="_blank">Public@cabforum.org</a><br><a href="https://cabforum.org/mailman/listinfo/public" target="_blank">https://cabforum.org/mailman/listinfo/public</a></div></blockquote></div><br></div></div></div><br>_______________________________________________<br>
Public mailing list<br>
<a href="mailto:Public@cabforum.org">Public@cabforum.org</a><br>
<a href="https://cabforum.org/mailman/listinfo/public" target="_blank">https://cabforum.org/mailman/listinfo/public</a><br>
<br></blockquote></div>