Mike Delaney

And the board often look towards insurance and you and I and past have talked about whether or not insurance is a good way to go. I have a lot of faith in the insurance business. I think they're usually ahead of the game in terms of pricing risk, seeing risk. IT, I think they struggle with. Cyber is even worse. It is an area, again, it's a new issue.

And the board often look towards insurance and you and I and past have talked about whether or not insurance is a good way to go. I have a lot of faith in the insurance business. I think they're usually ahead of the game in terms of pricing risk, seeing risk. IT, I think they struggle with. Cyber is even worse. It is an area, again, it's a new issue.

It's not that it's been around that long, at least in its form. And so I think they're trying to create products that aren't necessarily caught up to the issues yet.

It's not that it's been around that long, at least in its form. And so I think they're trying to create products that aren't necessarily caught up to the issues yet.

Yeah, and they don't know how to underwrite for it just yet either. There's not enough cybersecurity expertise or IT expertise in the industry. It's getting better, but it's not quite there yet.

Yeah, and they don't know how to underwrite for it just yet either. There's not enough cybersecurity expertise or IT expertise in the industry. It's getting better, but it's not quite there yet.

No. And again, before we got on, we were talking about a lot of Western world IT cybersecurity management is reactionary. We've seen incidents occur. And one of the bigger ones in the recent years was when JBS had its ransomware attack. And that one really rippled through the industry and raised awareness to this problem. But it certainly wasn't the only incident.

No. And again, before we got on, we were talking about a lot of Western world IT cybersecurity management is reactionary. We've seen incidents occur. And one of the bigger ones in the recent years was when JBS had its ransomware attack. And that one really rippled through the industry and raised awareness to this problem. But it certainly wasn't the only incident.

160 food companies last year alone that had some sort of attack. That we know of. Let's actually, and I want to segue into that because one of the things about cybersecurity and the risks that go along with it is if an event happens, if it's material enough, it can really, really hurt your reputation.

160 food companies last year alone that had some sort of attack. That we know of. Let's actually, and I want to segue into that because one of the things about cybersecurity and the risks that go along with it is if an event happens, if it's material enough, it can really, really hurt your reputation.

It can hurt your bottom line, which usually if your reputation's hurt your bottom line, it's going to follow quickly. So getting information out to the marketplace is important. However, when you're dealing with private management team, they might not want to get that out.

It can hurt your bottom line, which usually if your reputation's hurt your bottom line, it's going to follow quickly. So getting information out to the marketplace is important. However, when you're dealing with private management team, they might not want to get that out.

And if they can contain, control it, they'll prefer not to let anybody other than their board know what they just went through. That's changed in the public company world. Starting in December of last year,

And if they can contain, control it, they'll prefer not to let anybody other than their board know what they just went through. That's changed in the public company world. Starting in December of last year,

The SEC added another reporting requirement to companies that are publicly traded, and this applies to a lot of food companies, that if they have a cyber incident happen, they have a responsibility to report that to the investment community in a prompt manner. There's all kinds of nuances to it. It's called a Form 8K, and the Form 8K is really just a current report.

The SEC added another reporting requirement to companies that are publicly traded, and this applies to a lot of food companies, that if they have a cyber incident happen, they have a responsibility to report that to the investment community in a prompt manner. There's all kinds of nuances to it. It's called a Form 8K, and the Form 8K is really just a current report.

And there's a list of many different activities that happen that companies have to routinely report out to shareholders. And the rationale is it's information that should be out on the street so they can make an assessment of their investment. And the SEC is, you know, share it with everybody. It's fair. Yeah. When it comes to cyber, they decided to add it as one of the disclosure item 105.

And there's a list of many different activities that happen that companies have to routinely report out to shareholders. And the rationale is it's information that should be out on the street so they can make an assessment of their investment. And the SEC is, you know, share it with everybody. It's fair. Yeah. When it comes to cyber, they decided to add it as one of the disclosure item 105.

It's if you have a cyber incident that you determine is material to your company, you are required to report it to the shareholders and to the investment community at large. The problem is, when do you know that it's material? And there have been incidents, and the example would be my prior law firm, when they had the infiltration and this large food manufacturer had its issue.

It's if you have a cyber incident that you determine is material to your company, you are required to report it to the shareholders and to the investment community at large. The problem is, when do you know that it's material? And there have been incidents, and the example would be my prior law firm, when they had the infiltration and this large food manufacturer had its issue.