 Okay, Attila, Attila's arrest, SIPAC, cybersecurity, but cybersecurity touches us all about everything. And Attila's going to tell us today about the need for planning, the quality of our planning in our community, our world locally and beyond, and how we should be concerned about it. Welcome to the show, Attila. Thanks for having me, Anjay, appreciate it. I think we're here to talk about the FAA, right? The news from last week. That's what makes us think about planning. So let's review what happened with the FAA. What happened with the FAA? Yeah, that's a good question. So we were on the phone last week with Homeland Security and we did a group call and he started off the call by saying, okay, let's talk about the elephant in the room. Let's be clear. There is no evidence of cyber attack or malicious actors or any of that stuff with regards to the national outage with the FAA. And so that's good. So that is good news for all of us. It means that their systems and their firewalls and everything that they've done to protect the infrastructure that air traffic control depends upon, that's safe. What's not safe is the ability for us to do something that in the technology world we call an OOPSI, that's the technical term. And an OOPSI means that we fat fingered a keyboard command or did something by accident that caused the problem and that problem cascaded into catastrophic events. So it's usually, it's the beginning of the domino in a chain. In this case with the FAA, what that meant is that there was an update to a database and databases run the entire world. There's a reason that Oracle is valued so high and there's a reason that you can't buy an Oracle product by going down to your local Best Buy. It's because Oracle runs the infrastructure that we all depend upon. That means banks, credit card companies, et cetera. And there's a database behind the FAA that keeps track of where the planes are, right? And if that database is off or corrupted or damaged in some way, air traffic control can't see where the planes are. Therefore it's not safe to put planes up in the sky, right? I think that's a fair way to describe this problem. And during the course of an update, which is something that occurs all the time, it's security updates, software updates and everything that goes behind that, there was an OOPSI. There was a miscommand that corrupted the database. Database went offline. And when that occurred, air traffic control said, look, we can't put planes safely in the sky. We don't want to kill people. So they're grounded. And that was last Wednesday. It lasted most of the day. They tried to go back to previous database backups. And sure enough, that corruption was in the backups as well. So they had to do some manual stuff that they haven't really talked about yet to get things back up and running. But that OOPSI is something where we've stopped first time, especially when it comes to transportation. There was an OOPSI with the bus a couple of years back. There was a hard drive that failed on one of their servers. They had to take the server offline. And during that time, we had no bus service. OOPSI. Yeah, how do you spell OOPSI anyway? O-O-O-P-S-I-E, OOPSI? OOPSI, yeah. It's something that we all experience. In fact, I have a personal story to share about that. So some years back, we were running a custom application. It was a switching platform. So it essentially controlled the telephone system network. And this was back in my work in California. So this was 20 plus years ago. And we had a database. And because of the way that the software was engineered, it didn't support replication, multi-site replication, the way that most of these databases do these days. So we depended on hourly snapshot backups. And at some point, there was an update to the database. Database was marked suspect. And we had to rebuild everything based on backups and snapshots and everything else. Long story short, it's now 4.30 in the morning. We've gotten everything up and running. I'm so happy, very pleased. We had minimal outage. It was only a few hours and it was in the middle of the night. But it was 4.30 in the morning, so I was a little tired. And so I said, okay, we're done. We're out of here. And I start walking out from behind the server rack. And I trip over the power cable and yank the cable out of the battery backup for the database server. Turn back on the database server. Sure enough, database is marked suspect again. Spend the next six hours getting it back up and running. So I pulled an Opsie myself. I understand how it feels. It's not fun. Luckily this was a long time ago. And it wasn't a national footprint. It was just regional outage. But yeah, Opsie's happened. They happen all the time, Jay. So that sure taught me over 20 years ago how to do business continuity planning, disaster recovery planning and how to have a proper plan to keep an organization up and running when there is an Opsie. Okay, some thoughts and reactions to that. It reminds me of David Ege's first month in office eight years ago where somebody pushed the wrong button, had it wrong, Opsie, and warned the state that there were incoming missiles from North Korea. I don't know if you remember that, but that was embarrassing. I think we all remember that one. What it points out is, of course, that Opsie's can happen, but it also points out that, you know, back in say the early 90s, your computer was a self-contained machine. It didn't connect with anything. Soon enough, your computer connected with a local area networks. That was something that was nice. And then around 1995, Bill Gates decided he was gonna make an internet out of Microsoft. And then the world took off from there where we all got connected and we were part of a global network. And that means interdependence, dependence, if you will, on much larger structures. So when you talk about the Opsie for the FAA, that's national. In fact, it's more than national, isn't it? Because it has implications worldwide. What happens with the FAA in terms of flight control? So, you know, we live in a world of complete interdependence now. And if Opsie's happened, the implications are enormous. Just as they are in cybersecurity, the implications are enormous because we are so dependent on them. But furthermore, to go further with your point, I think the number of, and the range and threat of threats to a given system, whether it be local or global, are greater. We have climate change in our hands. We have hacking and cybersecurity issues on our hands. We have so many things that could happen to a given system. And the system predictably would include more people, more business effect, more economic effect, effect in every corner of our society. And therefore, that we have to match that interdependence and that risk with our own ability to plan. And the first thing comes to mind is don't we have the systems to plan against an Opsie? Wasn't there a system, and we know the answer to this, wasn't, couldn't there have been a system to avoid David E. Gates North Korean missiles? Couldn't there have been a system to avoid the FAA downtime? Why can't we predict these things? Well, we can. I'll tell you why. It's because we're all human. So we become our own worst enemy in these kinds of circumstances. Until the day that we decided to hand over all control of our critical infrastructure and our transportation systems over to some sort of AI and then wipe our hands clean, which I believe there's a series of movies about how that goes bad. We don't wanna do that. We become our own worst enemy, but that also means that we are our own salvation. So by having realistic expectations about what we can do as human beings to keep our infrastructure alive, we can also plan for our shortcomings. Right? There are certain times a day and certain days of the week that you just don't do updates, right? Like, let's say for example, you wanna do a major system overhaul of a company's network. Do you do that on a Friday afternoon? Not really. That's the worst time to do that. Right? Everyone's tired. There's vendors that are, you know, they're off for the weekend. No one wants to come in and help you. So you don't do those kind of things on a Friday afternoon. Everyone who's been in tech knows that. Let me stop you there. That's a good decision. That's based on human experience. It's based on our, you know, experience in the world. Okay, but you could also relegate that decision to AI. You could say, give me a scan of the week and tell me, you know, what the activity is on this system in the course of a week. Tell me the risks of doing it at one point during the week and the benefits of doing it at another point of the week and tell me the best time and make that dynamic. But, you know, it'll change whatever is the case. It'll know which is the best time. Why don't we relegate that kind of decision to AI? Well, I'll tell you, because, and we'll talk about this on our next show about AI and chat GBT and how that all works. Even chat GBT, the best it has, what, 20, 25% good advice. Now, here's the important part about AI. AI does not give you information. AI is meant to give you advice. There's a big distinction between the two. So if we do run this through an AI algorithm, it's gonna say, well, based on our, on the information, this is the advice I wanna give you. Just know that that advice is only about 25% accurate. So it's not always gonna be perfect. However, you know, rolling back to our primary thing here, I don't like to give, you know, bad news without giving some good news in terms of how we can solve these things. Proper business continuity planning. Incident response planning means that we're gonna be better adapted handling bad things when they occur. So what's the distinction between continuity planning and what is the second term you use? Incident response, sure. Response planning, recovery planning, if you will. Sure, so incident response planning is typically a subset of a business continuity plan. And I'll give you an example of an incident response plan. So back in 9-11, it could be said that we did a wonderful job in responding to what occurred at the Twin Towers, right? Fire department police, they all seemed to know what to do, but they never really planned for a plane actually hitting the building, but they had planned for, if there was a bomb, if the building was on fire, right? Other scenarios that were similar. And so they knew, okay, this is what we have to do. This is the priority in which we have to do them. And less lives were lost than would have happened otherwise. And the same could be true with incident response planning in your business. One common method that this has done, this is across the board, this is not necessarily cyber, is something called tabletop exercises where the key decision makers sit around a table and they say, okay, this is our scenario. It's novel, it's new. We're going to simulate what we are going to do in this situation. We did some tabletops before COVID was pretty funny. We had a similar exercise, which said, what if there was a biological outbreak in, which has occurred or a chemical spill in the neighborhood and we're forced to evacuate the building. And for the course of three weeks to a month, you're not allowed to enter your building. All your computers, everything is intact. How do you function as a business, right? And so that's where a business continuity planning comes into place. And based on that, when COVID hit, the clients that we had run this similar exercise with, they were well-prepared. They said, okay, we know exactly what to do. This is how the people are going to work from home. This is how we're going to socially distance, even though it was completely different type of scenario, but they knew how to respond because of response pattern. And we're smart enough to figure that out. So in the same way, business continuity, incident response planning is something that is a thought exercise. It's a thought experiment. And that can save us huge amounts of pain and effort ahead of time. And I'm assuming that the FAA subcontractor that was involved in this database problem, I'm assuming that they trusted themselves to be able to do the work proficiently, but maybe they had not done the incident response planning, assuming that they maybe would make a mistake along the way. So you always have to assume the human element. What happens if someone trips and falls and something happens? What happens when there's a bad actor that comes in and causes malicious intent? And the big one, and this is a really big one that no one plans for, but we've seen it firsthand is Insider Threat. Insider Threat is huge locally. Savatage. Here, and everywhere. What's that? Savatage. Savatage, yes. And it's usually from trusted employees and stories that I could share just briefly would include CPAs running away with money from the business. How does the business continue to survive from that? Like they'll physically leave the country, there's nothing to do. Insider Threat break in. So they come back and they break in and they damage equipment or computers so that the business has trouble moving along that way. Theft of data and sold on the dark web held for ransom or hostage. These are all real scenarios that occur here on Island. And I'm not talking like off, 20 years ago, this is all recent events. And as a business owner, what you can't do is, usually you can't control it, but the only thing you can do is plan for it. And usually you're out the money, you're out the headache, you're out the problem. How do you control the reputation damage? We meet with clients regularly that are concerned about this. They say, look, we just see the headlines on the news. We don't know what to do. We're worried that it could happen to us because it happened to our neighbor or it happened to others in our industry. How do we prevent this from occurring? Okay, let me stop you there. And so the tabletop sounds like a very important part of the planning process to identify the risks, the possibilities, the threats. And then you'll go from there to figure out what you do to harden yourself against that. But I think there's newspaper articles. There are stories of other companies that have had remarkable experiences, ridiculous experiences, and that has to be factored in. So you bring your management together across the tabletop and you say, what are you worried about? That's one question. But the other question is, what are others worried about? What has happened in New York, Chicago, LA? That will inform us on what the risks are. And those guys at the tabletop, they don't know. They can only read the paper. And so there should be, and maybe there is a database of these other events that have taken place. And those events must also be considered at the tabletop, right? I wish you were true, Jay. So I can tell you this, when there's an incident, only about 20% of incidents are reported. And it's usually the law enforcement, FBI, et cetera. I don't know anyone who we've worked with who has been eager to share with the public the way that they were breached and the kind of problems that they overcame because of it. When was hacking, or weren't they obligated by law? It depends on the industry and it depends on the extent of the breach. And it depends on what was breached and what their social obligation is gonna be to this. I can't speak to that because I'm not an attorney. I think maybe you would be better, but in general, most folks who want to move on because they have a business to run, they have employees to pay and clients to service. And they need to be back and operational as much as possible. And they want to put in safeguards so that this does not occur again. So the kind of industry knowledge that you're describing is difficult to come by. However, one thing that we have seen is that folks will go to either a convention or a trade association meeting or some other public event where others in their circle are there and they share amongst themselves their personal experiences. So this could be they go to like, let's say, an energy forum or we've even seen this with dentists. They get together in dental forums and they come back from these dental trade shows and they say, oh my gosh, I can't believe what happened to this other dentist in my industry or this other energy company or our industry. We don't want this to happen to us. Please help. And... Okay, well, I have an idea. More and more, when you see these commentators on the news channels, the cable especially, you see credits to a company called Grabby and E-R-A-B-I-E-N. And so when they wanna have a couple of people, talking about something in Congress, for example, Grabby and will sell them the footage. And I think that's very interesting. But you could also have the OMG library that stands for, oh my gosh, the OMG library. And a guy like you until for example, or your staff would go around and you collect all these stories about the dentists and about what's reported in the print press. What has happened to, you know, in other places, other companies that are reported elsewhere, but your people at the tabletop, they don't know it never happened with them. But so you could be there at the tabletop and you could say, ladies and gentlemen, let me show you the kinds of risks that have been reported in the newspaper or elsewhere from my OMG company. And we should consider that. And I know I don't catch them all because everybody reports, you know, all the violations and the risks, but this is as complete a database of risks that you will find anywhere and they have got to be considered. Wouldn't that be a viable approach to bringing in other risks? Well, I don't know about you Jay, but the last time that anyone made any choices based on strictly data, it's pretty few and far between. So sometimes throwing more data at a scenario doesn't necessarily help us. I mean, it can help in influencing the decision, but they're not gonna ultimately make that decision. This is why those kind of in-person or seeing other news that comes out regarding a specific incident that's relatable to their industry. So for example, there was a national company that's a PEO, they're an employer and they were recently breached and the attack pattern and how they were able to get inside their customer data and create that kind of problem for them. That was very influential in other PEOs making adjustments here. Same thing, there was a recent one about a financial planning or I'm sorry, an outsourced accounting firm. They're on the mainland, so they're in California, but that outsourced accounting firm, they were breached and so we could see over the course of six months how their reputation was damaged and other clients one by one left them and at the end of six months, they had to sell all their equipment, their desks and computers as a fire sale because they had no more clients left. That kind of reputation damage and seeing that pattern of what occurred because they couldn't recover from this. These are all stories that we can bring back to other outsourced accounting firms and they can then benefit from seeing the cost of inaction, I guess is the best way to put it. Well, let's talk about costs for a minute. So there was one company, it was a business company, it was a stock house in the Twin Towers that had done exactly what you said. And so after 9-11, they were able to continue to function and it was to their credit and they enjoyed a very positive reputation over that because a lot of companies didn't have a shadow computer organization elsewhere and they failed, they were over. So that was smart and they put the money in. So I have two questions about that. One is, where do you draw the line about putting the money in? And creating a shadow computer operation isn't cheap. Connecting people with all of the security issues with other computers elsewhere at homes that can operate even when the head office goes down, this is expensive. And furthermore, last part of my question is the technology is changing all the time because of, call it cyber threats, whatever. So you have to update your shadow operation. You have to update your remote access with new hardware, new software. Where's the line? It can get very expensive until it. Yeah, so Jay, I agree with you if we were in, if this was 2002 and it was very expensive to use the cloud or create a redundant network such as this, but the pandemic has really shown us that people can work remotely. Most things can be done in the cloud. Streaming video, like what we're using right now is not unusual by any means. It's been around a long time and it's a viable way for teams to work remotely. During the pandemic in our particular business, it was like, we were already using the cloud, we were already using this stuff. There was no disruption at all with what we had to do. And I think a lot of other companies found that out pretty quickly too, that they don't really need desk phones on every desk and then someone sitting in a cubicle every day and they don't need enormous offices and just don't take my word for it, see what Salesforce did and Yahoo and a lot of these other really big tech companies on the mainland, they forfeited their office space. They didn't need it anymore. Yeah, there was a push to maybe bring some people back into the office, create hybrid working environments. It's true, that still has merit, but 100% back to the office, it's not as necessary as it used to be. And what you describe as a shadow organization, what they did, that was very smart of them to create some redundancy within their infrastructure. And I encourage everyone to think in that way, especially if you're gonna be doing business with any sort of critical infrastructure, federal, state contracts, et cetera, this is gonna not only be preferred, but a requirement. You won't be able to continue participating in these kind of jobs if you don't have redundancy, if you don't have tabletop exercises, you don't have basic security safeguards in place and some basic good habits. A lot of these tabletops, when we talk about how to get through things, we talk about email being breached. Well, how did the email get breached? Well, it's because I used my password that I used for my LinkedIn and that LinkedIn account was compromised and during a breach five years ago and I never changed the password. Really guys, bad cyber hygiene is gonna be responsible for your own downfall. Like I said in the beginning, you are your own worst enemy, right? So that also means that you can also be your best friend. You can do something about this with proper cyber hygiene, not just in your organization, but individually. So this comes from proper training, being able to identify problems. So remember I talked to you about password reuse, that's a boring one. How do you identify insider threat? There's a standard way to do it. It's when well-studied. You can figure out when an employee is headed down that path and catch them early and turn them around before they become a detriment to the business. So all of these different things- Well, two things come out of that. You know, one is it seems to me that instead of having all this virtual connection to a headquarters, why not just dispense with the headquarters and have the company deal on a sort of neural basis, where you're connected by virtual all the time for everything. And then you put your effort into making that as safe as possible, as renewable, as hardened and resilient as possible, but you don't care about having an office in an expensive downtown location. You make this company completely virtual in the world. I mean, it's going that way anyway, isn't it? Yeah, this is the new workplace. I mean, I remember, you know, we used to do these shows out of a studio on downtown. And the last time I was in downtown, I saw a lot of empty offices. And so that's an indicator that most companies have figured this out. If not, they've greatly downscaled the amount of physical footprint that they need. And it's only for specific industries, but, you know, our economy is based on knowledge work. The U.S. is, we're not big on manufacturing. This is why a lot of this is overseas. We're knowledge workers. And knowledge work can be done remotely in the cloud, from home, from remote work spaces. It maybe works for everyone. Personally, it doesn't work for me. I still need an office. I need to get away. I like to keep that separation. And that's just my personal preference. But for many folks- But your office can be smaller. Yeah, it can be smaller. We don't need that kind of huge footprint like we used to. And that's okay. You know, it's based on personality type. Just know that the majority of work though, and even though whether we're here or not, I mean, I can pick up my laptop and work from anywhere. As can many engineering firms and professional services firms, you don't need that kind of stuff like you used to. So in terms of, you know, the plan, the plan for, you know, dealing with the incident, the plan for recovering from the incident, those plans presumably have changed in the past, you know, say three years because the phenomena, the dynamic you described that we are talking about has been quite pronounced over the time of COVID. You know, we learned about virtual connection. We learned how to do this. And they learned, you know, Zoom put in, remember this, Zoom put in all kinds of security functionality in their product because there were problems. And now Zoom is a lot safer than it was. I don't know if it's completely safe, but it's a lot safer. And so, you know, I guess, you know, what I'm saying is we're there, we've crossed the bridge and the plans would be different today. Somebody made a plan back Wednesday in 2015, that plan would not be relevant right now. Maybe the company would have changed under them, no? Once again, going back to what you mentioned about Zoom, right, why was it that there were so many Zoom bombings? Well, it's because folks weren't protecting their meetings with a four-digit pin, right? So we're back to user behavior. It's not that Zoom by itself was insecure, it was user behavior that did it. Tons of people have made this mass migration at the beginning of COVID to 365 and Google Workspace. However, 365, which is Microsoft's platform, right? By default, they have a lot of things open because they want folks to come onto the platform very easily. And the consequence of that is that, you know, folks who jump onto this platform, they start using it, not realizing that their data was free and open for anyone to read. So there is, if anyone who's watching uses Microsoft 365, well, make sure to check your Microsoft secure score. It will tell you what vulnerabilities are inside of your platform and how to remedy them. Most people don't do this, right? So that secure score is super important. Google also has, you know, folks are just sharing files left and right and go and realize that maybe they leave files open for sharing for contractors that no longer need to have access to it. These kind of problems exist. And there's tools built inside the platforms to show you, hey, here are the things that you have open. Go ahead and close that up, please. That cyber hygiene has got to lead to problems. Cyber hygiene has built within it the notion of training your employees, your staff, your management on how to prevent these things, both on doing oopsies and telling the state that there's missiles heading their way. I mean, I suggest that a lot of these things could be avoided by training. So I take your point that if you leave it to the computer alone and you don't have a well-trained workforce pushing the buttons on the computer, no software is going to be able to protect you. You are correct, you are correct. So yeah, it's training, it's mentality, it's understanding how things work in terms of how these attack patterns occur from bad actors and understanding your own weaknesses, right? As an organization, how will you manage if there is a problem with a fire or a biological outbreak or a bad actor gets inside your network? What's gonna be your PR plan? Are you gonna do reputation damage? How long is it gonna take you to get back up and running? And the good news is, don't take my word for it, go ahead and Google or use chat GBT, look around and ask about templates for business continuity and incident response planning. Tabletop exercises sometimes require an outside consultant if you feel like going that route or you can do it yourself, this isn't magic. Most of the exercises are common scenarios that you can plan for in your organization and it's important to debrief after this. So the most important step is the debrief. So you can do all this business continuity planning, write out a wonderful business continuity plan and then at the end of it, when a real incident occurs, if you don't have a printed out copy ready to go in a red binder in the folder in the bookcase behind you, when all your computers are locked up with ransomware, you won't know what to do. If it's planning plans need to be done once a year, minimum. So yeah, once a year, that was my next question was, you have to update these plans because the world is updating around us more quickly all the time. So therefore how often do we have to have the tabletop? How often do we have to review the plan or throw the plan out and start with a fresh creative look? Yeah, one of the clients I met with recently, they said, yeah, we have a business continuity incident response plan. I said, great, it was last time it was updated and reviewed. And they said 1994. There you go, in a word, that must have been a funny moment there at the tabletop. This is about a year ago, so it wasn't that long ago. So, you know, one thing that strikes me also is that, okay, you can have an Oopsy, it's a human thing, but the cascading effect is, I'd like to ask you about that, the domino effect, if you will. So somebody makes an Oopsy, it sets something in motion. Okay, now we have the real problem of that setting something else in motion and on and on down the line with the domino effect. Can't the software prevent against that? Can't we build software to, we may not be able to stop the original Oopsy, but we could build software to stop the domino, right? Yeah, it depends on the industry. Now, remember, typically, so let's just look at dollar amounts, right? So typically those that handle larger dollar amount transactions are going to be involved with more critical or sensitive data, right? And that doesn't matter what industry you're in, right? So if you run a $1 million company, gross revenue of $1 million, there's a good chance you're not working with very sensitive data. It could be that maybe you're a florist or an HVAC vendor, something like that. Now, not to say that those are not as important industries, I mean, they are, but the sensitivity of your business being impacted by a business interrupting event or BIE, you're probably not gonna have huge community impact, right? Now imagine if you're an energy company, right? Oil refinery, you're in the transportation sector, right? The budgets in these kind of sectors are hundreds of millions of dollars. Controlling that kind of cascading effect is gonna be critical. And in our experience with working with critical infrastructure, when a bad actor is inside the network, they're not gonna shut it down. They wanna watch, they wanna see what happens. And they will typically take safeguards to prevent that organization from coming back online very quickly. So it's particularly important to do those kind of planning exercises and to have appropriate types of detection mechanisms in place that are gonna find those kind of issues before they become a real problem. Let me give you an example. There's a list of, I think it's believe the 289 list that has a list of vendors that come from China. And one of them is, for example, HikeVision. They're a DVR camera system, they're probably one of the largest in the world. And they have been known on networks to send traffic back to their country of origin, which is China. And that kind of activity is not permitted for anyone who's working on federal contracts. And anyone who's in the private sector would right away recognize that as being a problem, right? They don't want their camera feed and video feed being sent back to the Chinese government for surveillance purposes. So these kinds of things you can detect with the appropriate tools in a critical infrastructure environment while in advance of a threat. So there are special tools that are used for this. And once again, not tools you're gonna see on the Best Buy shelves. These are critical infrastructure tools that detect these things in advance so you can stop this from happening. Well, there's gotta be a combination of things that you have at the ready to prevent your company from failing after an attack or a phenomenon that is likely to bring it down. But one thing we haven't talked about with my last question, because we gotta go soon, is insurance. And I can see approaching the risk manager of the company. Maybe he's there at the tabletop. And he says, yeah, yeah, yeah, but we can go out and place insurance on this. We can cover the risk. Let's not worry about it. Let's just get a policy. Where does that play? That's a great question, Jay. So some legislation came out earlier this year that said essentially that if the bad actor is tied to nation-state in any way, it's considered an act of war and they are off the hook. They don't need to pay for that insurance policy. There's also some additional caveats in there that we've seen over the past year where in order to renew your cyber policy, there are certain safeguards that need to be in place. Everything from, we've seen different lengths of this. We've seen one pagers. We've seen 15 pagers. Everything from, do you have a employee security awareness training program in place? Do you use multi-factor authentication? You have a password rotation policy. Do you have encryption arrest? How often do you test your backups? Stuff like that. That's a big one, by the way, that trips up people. How often do you test your backups? No, I don't know. We make backups every day, but you gotta test them, right? It's not just that simple. So... These are underwriting considerations. They're questions relating to the premium, I suppose. And when you say premium, you're also saying the insurability of the company. And if you can't satisfactorily answer those underwriting questions, you may not be able to get the insurance at all. Or they'll insure you, and if there is an incident, they have a reason to deny your claim. If they didn't answer it accurately, yeah, sure. So the whole panoply of insurance issues flow into this. Suffice to say that if there is a risk manager or the company is concerned about risk in general, the business proposition, they should look into insurance to the extent of our products that would cover these risks. Wow, exciting discussion. Okay, every discussion we have is exciting until because it's all now and it's all gonna get worse. Till the rest, PSYPAC, we'll see you again in a few days. We're gonna talk some more about AI. Thanks so much. Appreciate it, Jay. Stay safe out there. See you too. Aloha. Thank you so much for watching Think Tech Hawaii. If you like what we do, please like us and click the subscribe button on YouTube and the follow button on Vimeo. You can also follow us on Facebook, Instagram and LinkedIn and donate to us at thinktechhawaii.com. Mahalo.