Tea by the cathedral
Climate change arrives in Germany.
And, while we’re on the topic of global warming and climate change…
Quote of the Day
”Never underestimate the courage of the French. Remember, they were the ones who discovered snails are edible.”
Musical alternative to the morning’s radio news
Simon & Garfunkel | The Sound of Silence (from The Concert in Central Park)
Long Read of the Day
Primo Levi’s Last Moments
A fascinating Long Read.
Why do people continue to insist that Levi committed suicide when he almost certainly didn’t?
Why mainstream media can’t hold tech companies to account
My column in yesterday’s Observer:
The interview was a classic mainstream media production. Rajan had done the kind of homework that big-time reporters do, right down to reading Henry Kissinger’s musings on the subject of artificial intelligence. “I want to find out,” he declared at the beginning, “who he [Pichai] actually is, apply some proper scrutiny to Google’s power, and understand where technology is taking all of us.” It turns out that he and Pichai both have family in Tamil Nadu and are obsessed with cricket. In the end they even managed to have a cod cricket game in which Rajan tried to bowl a googly at the boss of Google. So they’re both nice guys, got on like a house on fire and told us absolutely nothing.
Like I said: a classic mainstream media treatment of tech. The BBC’s media editor wanted to find out “where technology is taking all of us”. He is thus a native speaker of the narrative of tech determinism – the view that technology drives history and the role of society is simply to mop up afterwards and adjust to the new reality. It is also, incidentally, the narrative that the tech companies have assiduously cultivated from the very beginning, because it usefully diverts attention from awkward questions about human agency and whether democracies might have ideas about which kinds of technology are tolerable or beneficial and which not.
Do read the whole thing.
Cyber Insurance and the Cyber Security Challenge
RUSI, the Royal United Services Institution, a defence think-tank, has just published an interesting paper on the cyber-insurance industry.
It’s a classically understated paper, which cloaks serious criticism in soothing language.
While some mature insurers are moving in the right direction, cyber insurance as a whole is still struggling to move from theory into practice when it comes to incentivising cyber security.”
Most of the market has used neither carrots (financial incentives) nor sticks (security obligations) to improve the cyber security practices of policyholders. The industry is also struggling to collect and share reliable cyber risk data that can inform underwriting and risk modelling. The difficulties inherent in understanding cyber risk, which is anthropogenic and systemic, mean insurers and reinsurers are unable to accurately quantify its causes and effects. This limits insurers’ ability to accurately assess an organisation’s risk profile or security practices and price policy premiums accordingly. The spectre of systemic incidents such as NotPetya1 and SolarWinds2 has also limited the availability of capital for cyber insurance markets.
However, the most pressing challenge currently facing the industry is ransomware. Although it is a societal problem, cyber insurers have received considerable criticism for facilitating ransom payments to cybercriminals. These add fuel to the fire by incentivising cybercriminals’ engagement in ransomware operations and enabling existing operators to invest in and expand their capabilities. Growing losses from ransomware attacks have also emphasised that the current reality is not sustainable for insurers either.
Translation (courtesy of Bruce Schneier, a cybersecurity guru famous for plain speaking): “The insurance industry incents (i.e. incentivises) companies to do the cheapest mitigation possible. Often, that’s paying the ransom.”