When I first started as the CISO at the Port of Seattle in 2004, one of my first tasks -– besides building a security program –- was to work with our risk management organization to investigate the viability of purchasing cyber insurance for protection