Apple and Cisco announced this morning a new deal with insurer Allianz that will allow businesses with their technology products to receive better terms on their cyber insurance coverage, including lower deductibles – or even no deductibles, in some cases. Allianz said it made the decision to offer these better terms after evaluating the technical foundation of Apple and Cisco’s products, like Cisco’s Ransomware Defense and Apple’s iPhone, iPad and Mac...
What do you think?
Given the fact that ASAs are leaking like sieves right now and MacOS users are jumping ship for Windows 10 like crazy, I assumed I skipped a few months and it was already April.
This is purely marketing. Apple and Cisco have agreed to a shared marketing agreement with Allianz. This will drive business to Ransomware Defense and Allianz, even if both products perform below their peers. With Apple's disappointing product releases lately, this also works to drive a few customers their way.
Well, the more you know about something the more you can have a degree of assurance, and beyond the security of the herds of boxen I think that someone's risk on paper is going to be more quantifiable for a given company if there is shorthand for the person underwriting the risk. Yay, win.
However, I'd say that is going to go the other way as well, and to your point John, the actuarial tables will carry much more weight, and as the statistics build up if this loses more money than it brings in it won't last. Unless they don't like the money of course
Wow. I'd like to avoid vendor lock-in, and I'm especially inclined to avoid a vendor / insurance lock-in.
Check the small print ... I'd wager the end-users still have to maintain support, patching etc. to qualify.
Thinking about it, you can appreciate that enterprise class infrastructure, if configured & maintained properly, could have a lower risk profile than less well known, well regarded, or well supported infrastructure.
If it's not configured & maintained properly, I don't think a Cisco box or Apple device is no more (or less) secure than any other vendor.
This could backfire, in that management may believe they have addressed risk & improved security by buying a brand, and insuring that brand ... without due care on the configuration and maintenance.
Another consideration ... due to market share, the Cisco and Apple devices are likely to attract attention from hackers globally, which might distort the perception vs reality of their security posture.
Also it may have to do with perception. If you talk to users who are not heavy IT users, their perception is that Apple's do not get viruses, they would probably answer the same with Cisco. Many non-IT users just don't hear the horror stories about Cisco and Apple as they do Windows. The insurance company could be trying to capitalize on those perceptions.
It could also have to do with trying to get more users to switch to Apple products. Cisco may see that opportunity and want to jump on board with it also.
+1 @CISOScott Apple needs to grow but likes to grow in areas where a premium perception can keep up margins, and what better way to do that than cozy up with another old marque also under pressure from competitors offering cheaper and be aspirational together because:
"Dharling, you simply must buy quality, buy Apple and Cisco, because, Cecil, yes you know Cecil from Lloyds of London? He says it's safer and our premiums will go down... After all, you wouldn't want to be using the services of that dreary Mr. Dell and that Gate's fellow? I never liked the look of him..."
I agree that this feels more like a marketing initiative than anything else. One thing the TC article does not mention is any 'exclusive' element to this. I would imagine this type of offering is going to need to be vendor neutral for the most part. They might have 'preferred' vendors, but I think it would lose a lot of weight if a program like this is tied just to one or two vendors.
Extending this original conversation: Now that we see that cyber insurance organisations are increasing their premiums and informing their clients. What about the next development "Cyber Warranties"?
What do you think?