Former DHS Official Announces Plan To Sell Cyberattack Insurance

from the build-a-market-with-taxpayer-funds,-collect-upon-'retirement' dept

Our nation’s top security guards are all retiring to go into the cybersecurity business. Former NSA chief Keith Alexander is asking (only) $1 million/month for his cybersecurity consultations, which apparently include the use of patents he developed completely unrelated to his NSA work in his basement during his spare time.

Now, former top DHS official Tom Ridge is getting into the cybersecurity business, albeit one nowhere near as glamorous as Alexander’s rockstar-level consulting service. Instead of showing up occasionally to offer his expertise (and collect paychecks) on cyberattack preparedness, Ridge will be performing the most “everyman” of services: selling insurance.

Ridge on Monday announced a new cyber insurance package that he said should make it easier for companies to safeguard their networks and their bottom lines.

“What we have seen is the sophistication of these attacks continue to elevate,” Ridge said at a launch event in London, according to Bloomberg news service. “Who would have thought that JPMorgan, with its security budget, could be hacked into? Now a lot of people are thinking if it could happen to them, it could happen to us too.”

The first Homeland Security secretary’s new company, Ridge Insurance Solutions Company, is teaming up with the insurance giant Lloyd’s of London to sell cyber insurance coverage.

When selling insurance, the old adage “can one have too much insurance of course not better safe than sorry here is some anecdotal evidence supporting my profitable belief” is doubly true, thanks to government agencies (such as Ridge’s former employer) pushing a very fearful and apocalyptic narrative. At any moment, US businesses will be hit by “cyber Pearl Harbor” and former government officials like Ridge and Alexander are perfectly placed to take advantage of their own agencies’ previous cyberthreat marketing warnings.

Ridge makes the claim that simply offering insurance will prevent attacks, which is an odd thing to say about a purely defensive product meant to mitigate post-attack financial damage.

Ridge said the new insurance is designed to help prevent those types of attacks.

In order to obtain insurance, companies will need to make sure their cyber defenses are up to snuff, which in and of itself should make businesses more secure, he predicted.

“This is not just about insurance but helping and incentivizing companies to manage their cyber operations more effectively,” Ridge said in a statement.

Ah. But mostly about insurance.

Insurance policies of as much as $50 million each are available from today… The company expects to generate $40 million in premiums in the first 18 months.

True, insurance isn’t nearly as profitable if payouts are constantly being awarded. Hence the demands for up-to-snuffness. But it also helps if you’ve got a background in overselling the threat, which makes the product and its premiums seem minuscule in comparison to the potential damage. This would explain the press junket bearing headlines like “Ex-Homeland Chief Says Risk of Cyberattacks Elevated.”

So, did Ridge join the DHS with the express intent of developing a market for his post-retirement dip into the private sector waters? My tin foil hat isn’t that snug, but I’m sure his years of priming the cyberthreat pump factored heavily in his post-retirement job selection.

Here’s a statement of Ridge’s dating all the way back to 2003, as quoted in a United States Institute of Peace cyberterrorism report. [pdf]

“Terrorists can sit at one computer connected to one network and can create worldwide havoc,” cautioned Tom Ridge, director of the Department of Homeland Security, in a representative observation in April 2003. “[They] don’t necessarily need a bomb or explosives to cripple a sector of the economy or shut down a power grid.” These warnings certainly had a powerful impact on the media, on the public, and on the administration.

For instance, a survey of 725 cities conducted in 2003 by the National League of Cities found that cyberterrorism ranked alongside biological and chemical weapons at the top of a list of city officials’ fears.

The Hill points out that some critics are upset the government isn’t doing more to protect companies against cyberattacks. I’m guessing Tom Ridge (and Keith Alexander) are no longer members of that group.


Comments on “Former DHS Official Announces Plan To Sell Cyberattack Insurance”

That One Guy (profile) says:

That sounds about right

“Terrorists can sit at one computer connected to one network and can create worldwide havoc,” cautioned Tom Ridge, director of the Department of Homeland Security, in a representative observation in April 2003. “[They] don’t necessarily need a bomb or explosives to cripple a sector of the economy or shut down a power grid.” These warnings certainly had a powerful impact on the media, on the public, and on the administration.

I actually completely agree with him here, however somehow I doubt the ‘terrorists’ he’s thinking of, and the ‘terrorists’ I’m thinking of when I read that are one and the same.

Anonymous Coward says:

I can see where this is all headed. Congress will pass a law requiring all individuals and companies purchase cyberinsurance (a ‘mandate’ if you will) or face a penalty (‘not a tax’ – or is it?). One will be able to buy insurance on a government-run exchange called ‘’ – only the webpage will have terrible cybersecurity practices. In no way shape or form would this be an excuse for insurance companies to rake in taxpayer dollars in the form of subsidies.

Anonymous Coward says:


After the Homeland Security head Michael Chertoff made a fortune after leaving the government by starting his own “consulting” business (actually a backdoor lobby), it was only natural for Tom Ridge to follow Chertoff’s path and also try to cash in on his government “service” by lining up as customers many of the same corporations he previously gave favorable treatment to as a government official.

re: United States Institute of “Peace”

We shouldn’t forget that the United States Institute of “Peace” had the notorious racist and warmonger Daniel Pipes on its board. In true “1984” style, these organizations typically name themselves the opposite of what they actually are.

TheResidentSkeptic says:

And cyberattacks will happen.

Count on it. Random attacks will happen just to prove that the insurance was needed. There will be stories of payouts from the massive damage (take our word for it… there really was massive damage that no one can see because it has been classified by our insurance company “Cyber Response Action Partner”.) Then stories of “This is what happens when you don’t have our insurance”. Their great-grandfathers from Brooklyn would be so proud.

Anonymous Coward says:

Sell the Terrorism Snake Oil then profit from the havoc, great plan there guys, I wonder how long it’ll take them to start paying people to launch full scale attacks on networks, maybe they already have, sadly I doubt nothing from these criminals now.

The next big thing will be forfeiture insurance, Pulled over by thieving Law Enforcement protect your cash and property with one of our comprehensive insurance policies.

Anonymous Coward says:

There’s a silver lining. If before you get such an insurance, you have to pass an “up to snuff-ness” test, then the standard for security in companies should become a lot higher – otherwise they won’t accept them in the first place, since they don’t want to end up paying them billions of dollars when they get hacked.

Anonymous Coward says:

The worst threat to cybersecurity is the companies themselves.

How often have we heard that an attack is due to huge lapses in security? Even the huuuuge companies ignore warnings from white-hat hackers and security experts until something actually happens; big security budget or not.
How about we actually start punishing those companies with large amounts of public information and that has well known security holes before information is leached. Fines so relatively large that it won’t be financially sound to pay up after the fact instead of keeping security up to date.
No, those who need insurance are the people who can find their personal information for sale to the lamest bidder.

Anonymous Coward says:

“Sell the Terrorism Snake Oil then profit from the havoc.”

Is this any worse than Michael Chertoff’s revolving door turnaround? As DHS secretary, he was a strong advocate for those naked body scanning machines that every airport is required to have. Then as a private citizen, he was on the company’s payroll.

But honestly, is there anyone in government that does not cash in when they leave office? Like it or not, it’s become as American as baseball and apple pie.

GEMont (profile) says:

Retirement plan for successful thieves

What none of these Ex-Spy-Guys are telling you however, is that the gang of cyber-terrorists they are “protecting” you from, is the gang they used to work for.


The NSA is not at all worried about its retiring employees aiding the American Business Community in keeping secrets from the NSA, because the tech that these employees bring to the table is years old and obsolete and has been replaced with stuff that can’t be stopped by the methods that these ex-employees can provide.

But, because the American Business Community does not know this, it’s a great retirement fund for old spies to dip into, to help pay for that castle in Spain, the 120 foot yacht and that nasty nose-killing habit they picked up during stake-outs and stalking bouts.
