
The Price of a Hack - danso
https://www.npr.org/templates/transcript/transcript.php?storyId=682331111
======
xs
I just listened to this podcast episode. At no point do they answer the
question in the title.

This is a very short peek into cyber insurance and phishing.

If you like podcasts and stories about hacking, skip this one and try the
podcast Darknet Diaries.

~~~
callahad
I think they do, at least in part: They directly discuss how the price of
their insurance policy changed following the event:

> _WENDY: I emailed our agent this morning because I hadn't heard anything.
> Knowing that we are - ah, AIG quoted the renewal with limits with a 66
> percent increase and increased the retention from 10,000 to 25,000. Ew,
> that's the deductible._

> _TEMPLE-RASTON: Increasing your premium by 66 percent and more than doubling
> your deductible - that motivates change._

[...]

> _DUFFIN: Wendy was able to convince a new insurance company that her new
> training program actually worked. She got a new policy with more coverage,
> but for less money._

Exact costs for the policy, prior remediation, and the training program are
not disclosed, but I wouldn't necessarily expect those to be shared publicly
anyway.

But this is all subjective -- I enjoyed it and found it a worthwhile listen
while prepping dinner tonight. I'll be sure to check out Darknet Diaries
([https://darknetdiaries.com/](https://darknetdiaries.com/)) as well, thanks
for the recommendation!

------
blakesterz
It might be better to link to the actual episode, rather than just the
transcript:

[https://www.npr.org/sections/money/2019/01/04/682327333/epis...](https://www.npr.org/sections/money/2019/01/04/682327333/episode-886-the-price-of-a-hack)

------
porphyrogene
Mavis should have been fired. That was a careless mistake against which
someone in her position should be constantly vigilant. If we punished people
for hacks that are the direct result of their incompetence then we wouldn’t
have these “Gee we’re sorry about that” corporate responses. She opened an
email attachment because the stranger who sent it said that she should. If you
fall for that you should not be using the internet at all.

~~~
wyxuan
People get phished all the time. It's a general problem with how people are
informed about these kinds of things. Mavis is a victim of circumstance.

~~~
ohiovr
The fast food industry covers hand washing in training videos; why don’t more
companies train people for basic street smarts online?

~~~
porphyrogene
It would be like a chef who doesn't wash his hands firing a line cook for not
washing his hands. A company giving their executive who stores social security
numbers on the same system on which she opens emails (and trusts them
implicitly without a second thought) a free pass is a way for them to give
themselves a free pass. If she were to be held responsible for not
understanding basic security protocols then the company could be held
accountable for failing to train her properly. Until we raise our standards
the companies who compromise our privacy and security will have no incentive
to raise theirs.

Do you have a right to behave as if every link and file is safe and secure or
should the people who are tasked with protecting personal information be
expected to behave with reasonable suspicion of wrongdoing on the part of
perfect strangers? HN wants to have it both ways, apparently.

~~~
ohiovr
I’ve never fallen for phishing. Are you implying this avoidance skill is
impossible to teach to executives? Obviously anyone who has custody of
important information should not be in the born yesterday category of
understanding what to do with that responsibility.

~~~
porphyrogene
You misunderstood my comment.

