There are alternatives to CTEM that might be better suited to certain organizations or scenarios:

📌 Open-source Cloud Security Posture Management (CSPM): Open-source CSPM tools are cost-effective and flexible solutions for cloud security. They offer the benefits of community support and the potential for customization. However, they can be resource-intensive to deploy and may make an organization dependent on the community for updates and improvements

📌 Vanta: Vanta is a youth esports development platform that provides expert coaching and mentorship. It has received accreditation from http://STEM.org, indicating its commitment to developing necessary skills such as innovation, teamwork, and problem-solving in the youth

📌 Defense Surface Management (DSM): DSM provides a more efficient and effective way to connect Threat Intelligence Data (TID) and CTEM. It helps organizations prioritize and optimize their defenses by identifying strengths and weaknesses and comparing capabilities against adversarial Tactics, Techniques, and Procedures (TTPs)

📌 CloudBees Jenkins Enterprise and Operations Center: These tools provide more features to visualize software delivery pipelines and recover from failures. They offer greater visibility into Jenkins operations and allow for the central management of clusters of Jenkins masters, development, and performance analytics

📌 Unifying Remediation: This approach leverages automation to streamline the response to security issues, reducing manual intervention and response time. It also includes considering the context of security issues, which helps in identifying the most critical issues, understanding their root causes, and determining effective remediation strategies

📌 Pen Testing: While CTEM is focused on identifying and preventing as many vulnerabilities as possible, pen testing is a human-driven offensive test that attempts to achieve a specific goal. Using both methodologies increases visibility dramatically and provides a more comprehensive security approach

📌 Automation in Tax Preparation: Automation can help eliminate the risk of human error that can occur with manual data entry, leading to more accurate financial statements. It can streamline audit processes, allowing tax professionals to identify and prioritize high-risk areas

Vulnerability Density and Time-to-Remediate are two key metrics that can be used to measure the effectiveness of a CTEM program.

📌 Vulnerability Density is a measure of the number of vulnerabilities per unit of code or system. It provides an indication of the overall security health of an organization's systems. A lower vulnerability density indicates a more secure system, while a higher vulnerability density suggests a greater potential for exploitation. To use this metric effectively, organizations should track changes in vulnerability density over time. A decreasing trend would indicate that the CTEM program is effectively identifying and remediating vulnerabilities, thereby improving the organization's security posture. It is calculated by dividing the total number of vulnerabilities by the total number of systems or applications. This metric can be used to estimate the number of residual vulnerabilities in a newly released software system given its size. A high vulnerability density indicates that there are more vulnerabilities to remediate, which could lead to a higher risk of exploitation. Organizations should aim to keep vulnerability density low to reduce the risk of exploitation

📌 Time-to-Remediate (also known as Mean Time to Respond or MTTR) is a measure of the average time it takes to respond to and remediate identified vulnerabilities or threats. A lower MTTR indicates efficient response and resolution, suggesting a more effective CTEM program. This metric is crucial because the longer a vulnerability remains unaddressed, the greater the chance it could be exploited by malicious actors. Therefore, a successful CTEM program should help reduce the time between detection and remediation. It is calculated by subtracting the discovery date from the remediation date. In more simple terms, MTTR is the number of days it takes to close a security vulnerability once it has been discovered. MTTR may also be calculated on a case-by-case basis or on a macro level. The macro equation for MTTR is: MTTR = (Total Sum of Detection to Remediation Time) / (Total Number of Incidents). A lower time to remediation indicates that vulnerabilities are being addressed quickly and reduces the risk of exploitation. Organizations should aim for a short time to remediation to reduce risk

Both metrics provide valuable insights into the effectiveness of a CTEM program. By continuously monitoring these metrics, organizations can identify areas for improvement and take action to enhance their security posture

To measure the effectiveness of a CTEM program, organizations can use several key performance indicators and metrics. By using these metrics and continuously monitoring them, organizations can gain insights into the effectiveness of their CTEM program and make informed decisions to enhance their cybersecurity posture. It’s important to note that the effectiveness of a CTEM program is not static and should be evaluated regularly to adapt to the evolving threat landscape and business needs.

📌 Risk Reduction: Evaluate the reduction in security risks by tracking the number of vulnerabilities identified and remediated over time. A successful CTEM program should demonstrate a downward trend in the number and severity of security risks

📌 Improved Threat Detection: Measure the effectiveness of threat detection capabilities by tracking the time it takes to detect new vulnerabilities or threats. A lower Mean Time to Detect (MTTD) indicates a more effective CTEM program

📌 Time to Remediate: Assess the speed at which identified threats and vulnerabilities are addressed. A successful CTEM program should help reduce the time between detection and remediation, known as Mean Time to Respond (MTTR)

📌 Security Control Effectiveness: Use tools like Security Control Validation and Breach and Attack Simulation to test the organization’s defenses against simulated threats. The results can validate the impact of the implemented controls and the effectiveness of the security measures in place

📌 Compliance Metrics: For industries with regulatory requirements, achieving and maintaining compliance is a key success indicator. Track compliance violations or issues to gauge the effectiveness of the CTEM program in maintaining regulatory standards

📌 Business Alignment: Ensure that the CTEM program aligns with business priorities. This can be measured qualitatively by assessing whether remediation efforts focus on protecting the most critical business assets and align with key business objectives

📌 Stakeholder Feedback: Collect and analyze feedback from stakeholders involved in the CTEM process. Positive feedback can indicate that the program is meeting its objectives and is well-received by those it affects

Prioritization Threats

The Prioritization phase is the third stage in the CTEM framework. During this phase, organizations evaluate the potential vulnerabilities identified in the Discovery phase based on how likely they are to be exploited and the potential impact this would have on the organization. Here are the key steps involved in prioritizing threats during CTEM implementation:

📌 Assess Severity and Likelihood: Businesses often use a risk assessment methodology to analyze the severity and likelihood of each vulnerability. This involves evaluating the potential damage that could be caused if the vulnerability were to be exploited.

📌 Consider Business Impact: CTEM programs help organizations prioritize threats based on their potential impact on the business. This involves considering factors such as the criticality of the affected system or data, the potential financial impact, and the potential reputational damage.

📌 Availability of Compensating Controls: The availability of compensating controls, which are alternative measures that can reduce the risk of a vulnerability being exploited, is also a factor in prioritization.

📌 Tolerance for Residual Risk: The organization's tolerance for residual risk, which is the risk that remains after all controls have been applied, is another factor that can influence prioritization.

📌 Allocate Resources: Based on prioritization, organizations can effectively allocate resources towards the most significant risks. This strategic approach to threat management results in more efficient use of resources and a quicker response to the most potentially damaging threats

Prioritization Methods

Implementing CTEM involves a systematic five-step process that helps organizations proactively manage and mitigate cybersecurity risks. Implementing CTEM is a continuous cycle, as the threat landscape is always evolving. Organizations must regularly revisit each step to adapt to new threats and changes in their digital environment:

📌 Scoping: This initial phase is about defining what needs to be protected within the organization. It involves understanding the assets, systems, and data that are critical to the business and could be potential targets for cyber threats

📌 Discovery: In this stage, the organization actively seeks out and identifies vulnerabilities and weaknesses in the scoped assets. This includes using tools and technologies to scan for and analyze potential security issues across the organization's attack surface, which encompasses external, internal, and cloud environments

📌 Prioritization: After discovering vulnerabilities, the next step is to prioritize them based on their potential impact on the business. This involves assessing the severity, exploitability, and the criticality of the potential impact to the business, as well as any compensating security controls

📌 Validation: This phase is crucial for ensuring that the organization's vulnerability to threats has been accurately assessed and that the remediation operations are effective. It typically involves practices like penetration testing and Red Team exercises to simulate attacks and validate the protections in place

📌 Mobilization: The final step involves operationalizing the findings from the CTEM process. This means putting in place the necessary actions to correct identified risks and ensuring that all teams within the organization are informed and aligned with the security efforts. This may include automating mitigation through integration with SIEM and SOAR platforms, as well as establishing communication standards and documented cross-team workflows

Scoping phase

📌 The scoping phase is the initial stage in the CTEM framework. It involves defining the scope of the CTEM program, determining which systems, assets, and infrastructure segments will be included, and identifying the stakeholders who will be involved.

Check out Mave or other audio podcast platform

Let’s dive into the thrilling world of Continuous Threat Exposure Management (CTEM), shall we? CTEM, in its infinite wisdom, is not just a fancy tool or a magical technology wand you can wave to make all the bad cyber gremlins go away. No, it’s a convoluted five-step program that includes scoping, discovery, prioritization, validation, and mobilization. Because why make things simple when you can turn them into a bureaucratic nightmare?

Now, let’s talk about the tools and technologies that make CTEM tick. We’ve got CAASM (Cyber Asset Attack Surface Management), EASM (External Attack Surface Management), EM (Exposure Management), and RSAS (Red Team Automation Systems). These acronyms sound like something out of a dystopian sci-fi novel, don’t they? They’re crucial for peeking into every nook and cranny of your organization’s digital environment, including that forgotten server from 2003 that everyone’s too scared to touch.

Moving on to the methodology, which is as straightforward as assembling IKEA furniture without the manual. First, we have scoping, where you pretend to know what you’re doing by defining the initial exposure scope. Then there’s discovery, where you play digital detective and hunt for vulnerabilities. Prioritization is next, where you decide which digital fires to put out first. Validation is like checking your work to make sure you didn’t just make everything worse. And finally, mobilization, where you rally the troops and hope for the best.

Challenges of Implementing CTEM

📌 Getting Non-security and Security Teams Aligned: IT infrastructure, DevOps, and security teams often have communication gaps, which can pose a challenge when implementing CTEM

📌 Seeing the Bigger Picture: A comprehensive CTEM program covers many areas, each with its own set of tools and unresolved problems. Aggregating all information to understand priorities and responsibilities can be challenging

📌 Overcoming Diagnostic Overload: Each area covered in CTEM has its own tools, which yield alerts. Managing the information stemming from these alerts can be challenging

📌 Adopting a Risk-centric Approach: Traditional cybersecurity measures often focus on achieving compliance. However, CTEM emphasizes understanding and managing risks specific to an organization’s unique context, which requires a nuanced understanding of the business landscape

📌 Integration of Continuous Monitoring Tools and Technologies: As organizations embrace innovations such as the Internet of Things (IoT) and cloud computing, they must adapt their CTEM frameworks to address the unique challenges posed by these technologies

📌 Operationalizing a CTEM Strategy: Implementing a CTEM strategy requires significant investments in time, budget, personnel, and technology

Cyber insurance offers several benefits for businesses:

📌 Coverage for Data Breaches: Cyber insurance can cover the costs associated with data breaches, including litigation, recovery, and identity theft. This is particularly beneficial given that a cyber attack, on average, can cost a company over $1 million.

📌 Reimbursement for Business Loss: Cyber attacks often interrupt business and cause lost revenue. An effective cyber insurance policy can insulate a company from these costs.

📌 Defense Against Cyber Extortion: Cyber insurance can provide coverage against cyber extortion, such as ransomware attacks, where critical business data is encrypted and held hostage by cybercriminals until the company pays.

📌 Coverage for Business Interruption Losses: Cyber insurance can cover business interruption losses, keeping businesses financially afloat while recovery efforts are underway.

📌 Regulatory Compliance: Cyber insurance can help cover potential fines and the cost of legal defense associated with non-compliance to data protection regulations.

📌 Reputation Management: If customer information is hacked or data is held hostage, it can significantly damage an organization's reputation. Cyber insurance often provides crisis management and public relations support to manage such situations.

📌 Risk Mitigation and Recovery Resources: Cyber insurance provides resources for risk mitigation and recovery, helping businesses respond quickly and effectively to cyber incidents.

Insurance companies are adapting to the changing cyber landscape through several strategies:

📌 Stricter Underwriting Practices: Insurers are requiring more detailed information about IT systems and security controls from businesses seeking coverage. This helps them better assess the risk and tailor the policies accordingly.

📌 Higher Deductibles and Coverage Restrictions: To manage their risk exposure, insurers are increasing deductibles and placing restrictions on coverage, particularly for systemic risks and technology errors and omissions.

📌 Emphasis on Proactive Risk Management: Insurers are placing more emphasis on proactive risk management, encouraging businesses to engage in comprehensive risk management practices, including partnering with third-party security providers to identify and mitigate vulnerabilities.

📌 Collaboration with Cybersecurity Firms: Insurers are collaborating with cybersecurity firms to develop comprehensive insurance products that reflect a better understanding of the risks involved.

📌 Investment in Cybersecurity Measures: Insurers are investing in robust cybersecurity measures, regularly updating their systems, and providing comprehensive training to employees to identify and respond to potential threats.

📌 Tailoring Insurance Products: Insurers are tailoring their insurance products to meet the individual needs of clients, recognizing that different businesses have different concerns and risk profiles.

📌 Building Partnerships Beyond the Insurance Industry: Insurers are working with government agencies, academic institutions, and industry associations to navigate emerging risks and develop a more comprehensive understanding of the cyber threat landscape.

Several key factors are driving the growth of the cyber insurance market:

📌 Increasing Cyber Threats: The rise in cyber attacks and data breaches has led to an increased awareness of the risks and the need for protection, driving demand for cyber insurance.

📌 Growing Awareness: More businesses are understanding the need for cyber insurance as they become more aware of the potential financial and reputational damage that can result from cyber threats.

📌 Regulatory Environment: The regulatory environment is also driving growth. As data protection regulations become stricter, businesses are increasingly seeking cyber insurance to help manage their regulatory risk.

📌 Digital Transformation: The shift in business models towards more digital and e-commerce capabilities has increased the exposure to cyber threats, driving the demand for cyber insurance.

📌 Data-Driven Policies: The use of data to drive policy underwriting is becoming more prevalent. This allows cyber insurance companies to offer more accurately priced premiums, which can lead to lower loss ratios and higher profitability for the industry, thereby driving growth.

📌 Limited Supply: Demand for cyber insurance has been increasing, but limited capacity on the supply side has led to adjustments in coverage, terms, and conditions, which has contributed to market growth

📌 Risk Awareness and Preparedness: Increased awareness of cyber risks among businesses and the recognition of the need to protect themselves against these risks are contributing to market growth.

The future of the cyber insurance market is expected to see significant growth, driven by the increasing frequency and cost of cyber threats:

📌 Market Growth: The global cyber insurance market is projected to grow significantly. According to Fortune Business Insights, the market was valued at USD 13.33B in 2022 and is forecast to grow to USD 84.62B by 2030, exhibiting a CAGR of 26.1% during the forecast period.

📌 Increasing Demand: Demand for cyber insurance has been increasing, but limited capacity on the supply side has led to adjustments in coverage, terms, and conditions. This demand is likely to continue to grow as cyber threats increase.

📌 Dynamic Underwriting: As cyber risk management and risk quantification become increasingly popular, the shift to dynamic underwriting will become more feasible. This involves insurers adjusting premiums based on a company's current cybersecurity posture and practices, rather than static factors.

📌 Stricter Requirements: Insurers are developing stricter requirements for policies, which could lead to a decrease in the number of insurable companies but an increase in the demand for cyber insurance.

📌 Data-Driven Policies: The use of data to drive policy underwriting is expected to increase. This could lead to more accurately priced premiums, lower loss ratios, and higher profitability for the insurance industry.

📌 Increased Collaboration: Insurers and vendors are expected to work together more closely to develop sustainable solutions for the cyber insurance market. This could involve increased communication to prevent attacks.

Healthcare

📌 Data Breaches: Healthcare organizations hold large amounts of sensitive data, making them prime targets for data breaches.

📌 Ransomware: Cybercriminals target healthcare to cause disruptions and extort money by encrypting patient data and demanding ransom.

Financial Services

📌 Data Theft: Financial institutions are targeted for the financial data they handle, which can be used for fraud or sold on the dark web.

📌 System Disruption: Attacks aimed at disrupting financial systems can have widespread economic impacts.

Education

📌 Data Breaches: Educational institutions hold valuable research data and personal information of students and staff, which can be targeted.

Low-risk industries include:

📌 Agriculture: Traditional farming may not be as attractive to cybercriminals due to less reliance on digital technology and fewer valuable digital assets compared to other industries.

📌 Construction: While construction companies are increasingly using technology, they may not be as high-value targets as industries like finance or healthcare.

📌 Entertainment and Media: While these industries do face cyber risks, especially related to intellectual property theft, they may not be as heavily targeted for sensitive personal data as industries like healthcare or financial services.

📌 Services (Non-Financial): Service industries that do not handle large volumes of sensitive financial data may face lower cyber risks.

It's important to note that no industry is immune to cyber risk, and the level of risk can vary within an industry based on a company's specific practices and exposure. Even within industries that are generally considered to have lower cyber risk, companies that are more digitally connected or that handle any sensitive data may still face significant risks and should take appropriate cybersecurity measures.

Industries with high cyber risk are typically those that handle sensitive data, have a high degree of digital connectivity, or are critical to infrastructure. Here are some examples:

📌 Healthcare: This industry is a prime target due to the sensitive nature of the data it handles, including personal health information and payment details. Cyberattacks can also disrupt critical healthcare services.

📌 Financial Services: Banks and other financial institutions are attractive targets due to the financial data they handle. They are often targeted for financial gain or to disrupt financial systems.

📌 Education: Educational institutions often have large amounts of personal data and research information, making them attractive targets. They also often have less robust cybersecurity measures compared to other sectors.

📌 Retail: Retailers handle a large amount of personal and financial data from customers, making them attractive targets for cybercriminals. E-commerce platforms are particularly vulnerable due to their online nature.

📌 Public Sector: Government agencies are often targeted for the sensitive information they hold, which can include personal data, financial information, and state secrets. These attacks can be motivated by financial gain, espionage, or disruption.

📌 Manufacturing: The manufacturing sector is increasingly being targeted due to its high disruption factor and the potential for theft of intellectual property.

📌 Automotive: The automotive industry is becoming a target due to the increasing connectivity of vehicles and the potential for large-scale disruptions.

In the grand theater of global technology, the West and its allies, along with the Council on Foreign Relations, are putting on quite the performance. Picture this: a dramatic scene where Western powers are in a tizzy over Russia’s strides towards technological independence. As Astra Linux emerges as a symbol of this shift, Western tech giants lament their lost market share, shedding tears over the billions once flowing from Russian coffers. Meanwhile, espionage budgets are being stretched thin as intelligence agencies scramble to uncover vulnerabilities in Astra Linux. But, in a bid to save costs, they’re calling on everyone to use open-source intelligence, or OSINT, essentially outsourcing the heavy lifting to others for free.

Text / PDF

Cyber insurance policies typically include several exclusions, which are specific situations or circumstances that are not covered by the policy:

📌 War and Terrorism: Cyber insurance policies typically exclude coverage for losses resulting from acts of war, terrorism, or other hostile actions.

📌 Physical Damage: If a cyber attack destroys physical infrastructure or equipment, the insurer may not cover the costs of repairing or replacing those assets.

📌 Technological Improvements: Cyber insurance helps businesses restore their computer systems to the state they were in before the cyber incident. However, the cost of upgrades or improvements to the technology is typically not covered.

📌 Unencrypted Data: If a data breach involves unencrypted data, the insurer may deny the claim based on this exclusion. To minimize the risk of having a claim denied, businesses should follow industry best practices for data encryption and other security measures.

📌 Potential Future Lost Profits and Loss of Value Due to Theft of Intellectual Property: insurance policies generally do not cover potential future lost profits or the loss of value due to the theft of intellectual property

Cyber insurance policies typically cover a range of cyber attacks, and the specific coverage can vary based on the size of the business and the specific risks it faces:

📌 Data Breaches: This is one of the most common types of cyber attacks covered by cyber insurance. It involves incidents where sensitive, protected, or confidential data has been accessed or disclosed in an unauthorized manner.

📌 Cyber Extortion: This includes ransomware attacks, where a type of malicious software threatens to publish the victim's data or perpetually block access to it unless a ransom is paid.

📌 Network Security Breaches: This covers incidents where an unauthorized individual gains access to a company's network, potentially leading to data theft or damage.

📌 Business Interruption: This covers losses that a business may suffer due to a cyber attack that disrupts their normal business operations.

📌 Privacy Liability: This covers liabilities resulting from privacy law violations or cyber incidents that expose private data.

For large corporations, these policies often include coverage for third-party liabilities, such as costs related to disputes or lawsuits, losses related to defamation, and copyright or trademark infringement.

For small businesses, the coverage may be more focused on first-party losses, such as costs associated with notifying customers of a breach, paying legal fees, and hiring computer forensics experts to recover compromised data.

In the grand theater of global technology, the West and its allies, along with the Council on Foreign Relations, are putting on quite the performance. Picture this: a dramatic scene where Western powers are in a tizzy over Russia’s strides towards technological independence. As Astra Linux emerges as a symbol of this shift, Western tech giants lament their lost market share, shedding tears over the billions once flowing from Russian coffers. Meanwhile, espionage budgets are being stretched thin as intelligence agencies scramble to uncover vulnerabilities in Astra Linux. But, in a bid to save costs, they’re calling on everyone to use open-source intelligence, or OSINT, essentially outsourcing the heavy lifting to others for free.

------------------------------------------------------------------------------

Wanna read in PDF? scroll to the end of pages for PDF

------------------------------------------------------------------------------

In recent years, Russia has embarked on a path of digital sovereignty, driven by a combination of geopolitical tensions, Western sanctions, and domestic policy choices. This shift, accelerated by Western sanctions, has led to a significant transformation in the country’s technological landscape. As Western companies withdraw and sanctions tighten, Russia has increasingly turned to domestic alternatives and Chinese technology to fill the void. This analysis examines Russia’s increasing digital sovereignty and growing dependence on Chinese technology, particularly in light of Western sanctions. It explores the implications of this shift for human rights in Russia, cybersecurity, and international relations. The paper argues that while Russia aims for technological independence, its reliance on Chinese tech creates new vulnerabilities and policy opportunities for the West.

The Council on Foreign Relations (CFR), a prominent US think tank, has called for the use of intelligence resources to assess the security of Astra Linux, a Russian operating system. This initiative is part of a broader study on Russia’s efforts in import substitution and digital sovereignty. Astra Linux is widely used in Russian military and intelligence systems, making its security a matter of interest for US analysts.

The CFR suggests that the open-source nature of Astra Linux might introduce vulnerabilities that could be exploited at scale. They advocate for the use of open-source intelligence (OSINT) to understand how Russia implements technologies like Astra Linux and to identify potential security weaknesses. The CFR also notes that «Russia’s increasing digital isolation and reliance on domestic and Chinese technologies might limit its access to global cybersecurity expertise, potentially impacting the security of Astra Linux».

Cyber insurance premiums can vary significantly between industries with high and low cyber risks.

For industries with high cyber risks, such as healthcare, finance, and retail, which often handle sensitive customer data, the premiums are typically higher. These industries are attractive targets for cybercriminals, and as a result, they face higher premiums due to the increased risk.

On the other hand, industries with low cyber risks, such as those with strong cyber controls, can have average premiums ranging from about $1,400 to about $3,000 per million of limit.

In addition, the size of the company also plays a role in the premium costs. Larger companies typically have more complex systems and more data, which can increase their risk profile and therefore, they may face higher premiums. Conversely, smaller entities in low-risk industries with strong cyber controls can have lower premiums. Insurers have also become more selective about who and what gets covered, and have tightened policy terms and conditions to reduce unexpected losses

Several factors are driving the high premiums in the cyber insurance market:

📌 Increasing Cyber Threats: The number and cost of cyber threats are increasing, which in turn increases the value of insurance premiums. As the cost of threats rises, so does the value of the premiums.

📌 Rising Claims: The frequency and cost of claims have been increasing, leading to higher loss ratios for insurers. This has resulted in higher premiums to cover the increased payouts.

📌 Lack of Historical Data: The cyber insurance market lacks extensive historical data, making it difficult for insurers to accurately predict future risks and set premiums accordingly.

The cyber insurance market faced several challenges in the past year:

📌 Lack of Historical Data: The cyber insurance industry has struggled with a lack of historical data, making it difficult to predict future cyber risks and set prices for cyber insurance.

📌 High Demand, Limited Supply: The demand for cyber insurance has been increasing, but limited capacity on the supply side has led to rising rates and adjustments in coverage, terms, and conditions.

📌 Risk Miscalculation: The cyber insurance market has experienced significant losses due to risk miscalculation, leading to a shift in the market from a soft cycle, characterized by lower premiums and higher limits, to a hard cycle, resulting in skyrocketing insurance premiums.

📌 Unsuitable Underwriting Practices: The market has been characterized by unsuitable underwriting practices, with insurers developing stricter requirements for policies, causing the number of insurable companies to decline and the demand to skyrocket.

📌 Systemic Cyber Risk: The possibility of a large-scale attack where losses are highly correlated across companies makes it difficult to write comprehensive policies.

📌 Sector-Specific Challenges: Specific sectors with historically poor security postures, like education, or highly targeted sectors, like software developers, may have a more challenging time obtaining coverage.