Cyber Insurance News & Information Podcast

Micro-Captive Cyber Insurance Wins in Court: What's Next?

46 min · 30 de jun de 2026
Portada del episodio Micro-Captive Cyber Insurance Wins in Court: What's Next?

Descripción

A federal judge just ruled against the IRS on micro-captive cyber insurance, the tool businesses use to fund cyber losses their policies won't cover. Dustin Carlson, a named plaintiff in the case, returns to explain what changed and what's still in legal limbo. Carlson, president of SRA 831(b) Admin, sits down with Executive Editor Martin Hinton to break down the Drake Plastics v. IRS ruling, the IRS's now-discredited evidence for its "listed transaction" label, and the appeal that could send this all the way to the Supreme Court. They also get into where AI liability exclusions are quietly opening new gaps in standard business coverage, and why a tax-court fight in Texas should matter to anyone buying cyber insurance. What you'll hear: * What an 831(b) plan actually is, in plain English * Inside the Drake Plastics v. IRS lawsuit and the judge's ruling * Why the IRS's evidence didn't hold up in court * What's next: the appeal, the circuit split, a possible Supreme Court fight * How AI liability exclusions are widening the cyber coverage gap * The real financial cost of a cyber breach for small business Read the full article: https://cyberinsurancenews.org/micro-captive-cyber-insurance-coverage-gap/ Connect with Dustin Carlson: https://www.831b.com [https://www.831b.com] Cyber Insurance News & Information covers the cyber insurance market, claims, regulation, and the people shaping it. New episodes weekly.

Comentarios

0

Sé la primera persona en comentar

¡Regístrate ahora y únete a la comunidad de Cyber Insurance News & Information Podcast!

Prueba gratis

Empieza 7 días de prueba

$99 / mes después de la prueba. · Cancela cuando quieras.

  • Podcasts solo en Podimo
  • 20 horas de audiolibros al mes
  • Podcast gratuitos

Todos los episodios

46 episodios

episode 100% Compliant, Breached Anyway: Joshua Brown, CISO of Spektrum Labs, on Why GRC Failed artwork

100% Compliant, Breached Anyway: Joshua Brown, CISO of Spektrum Labs, on Why GRC Failed

"You can be a hundred percent compliant and still be breached." Joshua Brown [https://www.linkedin.com/in/brownjosh], Chief Information Security Officer at Spektrum Labs, joins Martin Hinton to dismantle the industry's most expensive assumption: that passing an audit means being secure. Brown explains why GRC failed to deliver better security outcomes, why attestations expire the moment they're made, and what happens on the other 364 days of the year. The conversation covers the "cyber poverty line" facing small businesses, why insurers are suing MSSPs after client breaches, how continuous control validation could replace the questionnaire, the Sophos Insurability FastTrack partnership, and the elevator question every CISO dreads: "Are we secure?" Brown's answer, and the question he'd replace it with, closes the show. Key moments: 02:05 — What is GRC and why has it failed? 08:03 — The cyber poverty line 17:00 — A flight recorder for resilience 22:00 — Attestations vs. proof in cyber insurance 45:01 — Small businesses and the security gap 01:03:49 — The question CEOs should ask instead Read the full article at Cyber Insurance News & Information: https://cyberinsurancenews.org/cyber-insurance-joshua-brown-spektrum-labs-podcast/ [https://cyberinsurancenews.org/cyber-insurance-joshua-brown-spektrum-labs-podcast/] Related coverage: Spektrum's Fusion platform launch, the Sophos partnership, and Max Perkins's January episode are all at cyberinsurancenews.org.

9 de jul de 20261 h 7 min
episode Micro-Captive Cyber Insurance Wins in Court: What's Next? artwork

Micro-Captive Cyber Insurance Wins in Court: What's Next?

A federal judge just ruled against the IRS on micro-captive cyber insurance, the tool businesses use to fund cyber losses their policies won't cover. Dustin Carlson, a named plaintiff in the case, returns to explain what changed and what's still in legal limbo. Carlson, president of SRA 831(b) Admin, sits down with Executive Editor Martin Hinton to break down the Drake Plastics v. IRS ruling, the IRS's now-discredited evidence for its "listed transaction" label, and the appeal that could send this all the way to the Supreme Court. They also get into where AI liability exclusions are quietly opening new gaps in standard business coverage, and why a tax-court fight in Texas should matter to anyone buying cyber insurance. What you'll hear: * What an 831(b) plan actually is, in plain English * Inside the Drake Plastics v. IRS lawsuit and the judge's ruling * Why the IRS's evidence didn't hold up in court * What's next: the appeal, the circuit split, a possible Supreme Court fight * How AI liability exclusions are widening the cyber coverage gap * The real financial cost of a cyber breach for small business Read the full article: https://cyberinsurancenews.org/micro-captive-cyber-insurance-coverage-gap/ Connect with Dustin Carlson: https://www.831b.com [https://www.831b.com] Cyber Insurance News & Information covers the cyber insurance market, claims, regulation, and the people shaping it. New episodes weekly.

30 de jun de 202646 min
episode Same Tricks, Bigger Targets: Nation-State Cyber Threats artwork

Same Tricks, Bigger Targets: Nation-State Cyber Threats

A medical device maker gets hit. Surgery schedules slip. The attacker was a nation-state, and they knew exactly what they were looking for. Michael Crean, Senior Vice President at SonicWall, joins Cyber Insurance News to explain why the threats targeting power grids and pipelines are the same ones that compromise small businesses every day. The difference is patience, not technique. We cover the March 2026 Stryker attack, attacker dwell time, the Colonial Pipeline failure, and why cyber insurers are moving from self-attested questionnaires to continuous audit. Plus the two unglamorous controls Crean says cut compromise risk by roughly 70 percent. A former US Army soldier turned cybersecurity leader, Crean also makes the case for why military veterans are a natural fit for the industry. Michael Crean [https://www.linkedin.com/in/michaelecrean/] SonicWall [www.sonicwall.com] Stryker [https://www.zetter-zeroday.com/iranian-hacktivists-strike-medical-device-maker-stryker-in-severe-attack-that-wiped-systems/] Colonial Pipeline [https://www.cisa.gov/news-events/news/attack-colonial-pipeline-what-weve-learned-what-weve-done-over-past-two-years] CHAPTERS 00:00 Introduction and Background of Michael Crean 03:15 Military Influence on Leadership and Cybersecurity 08:07 Transitioning Veterans into Cybersecurity Careers 10:22 SonicWall's Evolution and Cybersecurity Landscape 12:19 Iran's Cyber Warfare Capabilities 16:07 Impact of Cyber Attacks on Critical Infrastructure 21:44 The Psychological Effects of Cyber Threats 27:50 The Need for Friction in Digital Security 30:48 Critical Infrastructure Vulnerabilities and Iran's Strategy 33:27 The Inconvenience of Digital Dependency 34:17 Legacy Technology and Cybersecurity Risks 34:57 Fundamentals of Cyber Hygiene 37:52 The Mundane Yet Crucial Practices 39:22 Personal Responsibility in Cybersecurity 40:59 The Economic Impact of Cybercrime 43:58 The Invisible Threat of Cyber Attacks 50:05 The Evolution of Cyber Insurance 54:04 The Importance of Cybersecurity Fundamentals 01:00:41 Empowering Personal Responsibility for Cybersecurity

17 de jun de 20261 h 3 min
episode AI-Powered Cyber Attacks: Why Compliance Is Not Security | Mitchell Amador, Immunefi CEO artwork

AI-Powered Cyber Attacks: Why Compliance Is Not Security | Mitchell Amador, Immunefi CEO

Most corporate security leaders are doing compliance, not security. That is the blunt opening from Mitchell Amador [https://www.linkedin.com/in/mitchell-amador-a37683227/], CEO of Immunefi [https://immunefi.com/], the leading crowdsourced security platform for blockchain, and the argument that drives this entire conversation. AI has ended the era of crime-scale cyber risk. The number of hacking groups capable of causing serious harm has jumped tenfold. Attack capability that once required a nation-state program now fits in a laptop. Most CISO budgets were built for a world that no longer exists. Amador explains what crypto security has already figured out and why the rest of the internet is about to be forced to catch up. We cover bug bounties, coopetition, smart contract insurance pricing, and the quantum encryption threat that simultaneously puts every bank, government, and blockchain at risk. Billy Mitchell [https://cyberinsurancenews.org/cyber-warfare-future-insurance-strategy/] North Korea and cyber warfare [https://cyberinsurancenews.org/cyber-warfare-ai-global-conflict/] Chapters 00:00 Mitchell Amador's path to crypto security 02:13 What is Immunefi? 03:49 Web3 as a dark forest 06:48 Nation-state actors and North Korea 08:00 The response to constant threat 09:36 Why crypto security stakes are global 12:35 Move fast and break nothing 14:39 What is a bug bounty program? 16:31 Why crowdsourced security beats internal teams 21:32 The culture of coopetition 29:45 AI and the economics of attack 32:51 Force multiplication and AI offense 36:32 The human element in security 40:27 Where crypto fits in cyber insurance 47:18 Smart contract insurance and loss rates 49:14 Quantum computing and encryption risk 52:40 Y2K vs quantum, scale of the problem 52:55 What should CEOs and boards do now? 58:31 Five years from now — what seems obvious www.cyberinsurancenews.org

10 de jun de 202659 min
episode The Authorization Gap: Cyber Insurance in the Age of Agentic AIThe Authorization Gap: Cyber Insurance in the Age of Agentic AI artwork

The Authorization Gap: Cyber Insurance in the Age of Agentic AIThe Authorization Gap: Cyber Insurance in the Age of Agentic AI

Agentic AI can act on its own. So who controls what it does, and who pays when it goes wrong? Recorded live at the Scout InsurTech [https://www.scoutinsurtech.com/] Conference in Columbus, Ohio, this episode brings together four experts to unpack the authorization gap in agentic AI cyber insurance. The conversation digs into blame, liability, responsibility, controls, and implementation. You'll hear how underwriters classify AI risk, why most cyber policies already cover AI breaches, where carriers split on affirmative coverage, and what businesses should do first. Guests Julia Garcia-Trombley, US & Canada, CertX [https://www.linkedin.com/in/julia-garcia-trombley-656193164/] Jeremy Epstein, CEO, Mayflower Specialty [https://www.linkedin.com/in/jaepstein00002/] Rich Gatz, Head of Cyber Claims, Arch Insurance [https://www.linkedin.com/in/richardgatz/] Tristan Morris, CEO, SplitSecure [https://www.linkedin.com/in/tristanmorris/] Chapters 00:00 Introduction to Cyber Insurance and AI 02:57 Understanding Agentic AI and Its Implications 06:04 The Classification Problem in AI Risk 08:51 The Role of Controls in Cyber Insurance 12:02 AI Risk vs Cyber Risk: A New Perspective 14:59 Certification and Governance of AI Controls 17:48 The Future of AI in Cyber Insurance 19:55 The Human Element in AI Risk Management 22:03 Understanding Acceptable Risk in AI 24:03 The Evolving Threat Landscape of AI 27:19 Cyber Insurance and AI: A Complex Relationship 30:24 Defining AI Risk and Insurance Coverage 33:15 The Importance of Risk Assessment in AI 36:44 Navigating Regulatory Frameworks for AI 39:05 Industry Consensus on AI Risk Management

1 de jun de 202642 min