Comment by lesuorac
2 days ago
> Turns out, this rule was not from IT. It was a requirement from the cybersecurity insurance policy the organization had taken.
I wonder if some of these constraints are to try to find a way not to pay out on the policy.
It absolutely was/is.
To bastardize Douglas Adams: For-profit insurance is a scam; breach insurance, doubly-so.