

#51: JC Herz on The Systemic Arbitrage of Ransomware
Two weeks ago, we all learned about the Colonial Oil pipeline ransomware attack on the East Coast of the United States. It was a high-profile hit, but it was followed by an odd comment from the ransomware group saying, in effect, “Sorry, we didn’t mean to actually disrupt the pipeline!” In other words: we’re here to be quiet and not make too much of a problem, but we are still going to steal your money.
While we know conceptually that ransomware attacks are pervasive, we called JC Herz to get her deeper and more experienced perspective. We know there has been a significant underspend in security that has created a massive systemic arbitrage for ransomware attacks. We know that the bias and competitive pressure for tech spending is around innovation and speed, not fixing vulnerabilities. We also know that the “attack surface” grows bigger with every application we connect to the network. Finally, an Executive Order in the US from May 12 may increase reporting requirements if and when companies are breached and pay ransom. It's an attempt to start to deal with the problem collectively, but it may have some unintended consequences. As investors, what do we do with all of this? Today we start with a big download of context and perspective from JC.