Dara Gibson - Cybersecurity Readiness Advisors

  By Dara Gibson, Cybersecurity Readiness Advisors Cyber insurance carriers have changed. Applications are no longer check-the-box forms. Underwriters now want proof of operational cybersecurity maturity, evidence of control effectiveness, and confidence that your organization can prevent, detect, and respond to modern threats like ransomware, business email compromise, and data exfiltration. Interestingly, organizations pursuing CMMC Level 2 are already building exactly what cyber insurers are looking for—even if they don’t realize it. Although CMMC is a requirement for companies working with the DoD, its control framework has become a powerful signal of reduced cyber risk for any organization seeking favorable cyber insurance terms. Here are five reasons why. 1) Documented and Enforced Access Control (AC) CMMC Level 2 requires strict implementation of: Role-based access control Least privilege enforcement Multi-factor authentication Privileged ...

  Navigating the Grey Zone: How "Operation Epic Fury" and State-Backed Cyber Operations Are Reshaping Cyber Insurance in 2026 By Dara Gibson, CEO Cybersecurity Readiness Advisors The lines between conventional warfare and digital conflict have just been definitively blurred. As businesses grapple with the operational ripple effects of this week's launch of “Operation Epic Fury”, a major U.S. led military action aimed at dismantling Iranian offensive missile capabilities and infrastructure, the risk landscape has shifted beneath our feet. For risk managers, CEOs, and CISOs, this isn't just a geopolitical event; it's a turning point for cyber insurance coverage. The immediate question on every renewal and claim will now be: Does my policy cover "grey zone" state-backed cyber actions? The Imminent Clash: "War Exclusion" Wording vs. "Grey Zone" Events Most standard cyber insurance policies contain a standard "War Exclusion...

By Dara Gibson, Cybersecurity Readiness Advisors As we enter 2026, cyber insurers are tracking a clear escalation in both the sophistication and speed of attacks. January’s top cybersecurity developments reinforce why underwriters are shifting from checkbox security to validated controls and resilience focused risk management. AI-Powered Deepfakes Fuel Social Engineering Losses Threat actors are rapidly adopting AI-generated deepfake audio and video to impersonate executives and public officials. These attacks are driving a surge in fraudulent wire transfers and credential theft, often bypassing MFA and traditional identity checks. From an insurance perspective, organizations without strong payment verification, call back controls, and employee training are increasingly viewed as high-risk exposures. Supply Chain Breaches Threaten Critical Infrastructure A recent breach at an engineering firm with ties to major U.S. utilities highlights the persistent danger of third-party risk. ...

  By Dara Gibson, Cybersecurity Readiness Advisors For small and midsize businesses (SMBs) across Arizona and the nation, the question is no longer if you will face a cyber incident, but when . As technology advisors, we see the data daily: attackers view SMBs as "easy entry points" into supply chains and for direct financial gain. Cyber insurance has transitioned from a luxury to an operational necessity. Attackers target SMBs precisely because they often lack the resources of large enterprises. A staggering 43% of all cyberattacks target small businesses. The financial fallout from a successful breach is severe: the average cost of an incident for companies with fewer than 500 employees is nearly $3 million. Without a critical financial safety net, nearly 60% of small businesses that suffer a significant cyber event close their doors within six months. Your existing general liability or property policy will typically not cover these digital losses. A dedicated cyber insur...

 By Dara Gibson Today, the Cybersecurity Information Sharing Act of 2015 (CISA 2015) has officially sunset, leaving a significant gap in the legal landscape that has governed cyber information sharing for a decade. If you are a leader in critical infrastructure, whether in the energy grid, water sector, or financial services, this is a pivotal moment for your organization and your cyber risk posture. As a longtime partner in the InfraGard community, I’ve seen firsthand how public-private collaboration can turn the tide against cyber threats. We’ve relied on that collaboration to understand emerging threats and prepare for the inevitable. Now, without the broad liability protections CISA 2015 provided, that sharing dynamic is fundamentally changed. What does this mean for your organization? 1. A potential chilling effect on threat intelligence sharing CISA 2015 offered companies a "safe harbor," shielding them from civil lawsuits, antitrust actions, and regulatory penal...

  Arizona's Data Center Gold Rush: Why Cyber Insurance Is Your Best Ally in the Digital Desert By Dara Gibson, CEO Cybersecurity Readiness Advisors As Arizona cements itself as a national hotspot for data center growth, thanks to our low natural disaster risk, abundant land, and favorable energy policies, there’s an often an overlooked risk brewing beneath the surface: cyber threats. With hyperscale operators and colocation facilities popping up across the Valley, cybercriminals are taking note. And while the infrastructure investments are impressive, the question remains: are Arizona's data centers equally fortified against digital disasters? As a cyber insurance specialist embedded in the Arizona market, here's what I advise every data center operator to consider right now: ·        Cyberattacks Are Expensive and Getting Worse: Arizona-based data centers store and process sensitive personal and business data, making them prime targets. The fin...