Field Notes
What we're seeing in the field.
Practical analysis on cybersecurity, AI risk, compliance, and cyber insurance — written for the people who actually have to make the decisions.
The FTC Safeguards Rule in 2026: What Auto Dealers Are Still Getting Wrong
Three years after the amended rule took effect, dealers are still failing on the same four controls. Here's what enforcement looks like — and what to actually implement.
How to Answer a Cyber Insurance Questionnaire Without Tanking Your Premium — or Your Claim
Underwriters now verify answers against your environment. Overstating controls doesn't lower your premium; it voids your policy when you need it most.
Shadow AI in the SMB: What Your Team Is Already Doing With ChatGPT and Claude
Your employees are pasting customer data, contracts, and source code into AI tools you never approved. Here's the actual risk and four controls you can deploy this week.
Microsoft 365 Cost Optimization Without Weakening Your Security Posture
Most M365 cost-cutting advice quietly removes the security features your cyber insurance assumes you have. Here's how to cut spend without breaking your controls.
Ransomware Readiness in 90 Minutes: A Tabletop Exercise You Can Run This Week
Stop confusing 'we have backups' with 'we are ready.' Here's a 90-minute tabletop that exposes what your team actually does in the first hour of a real incident.