News & Advisories

The IR-1 Cyber Firefighting Model and The Great Fire of London

Blackpanda's mission to democratize cyber resilience is inspired by the history of firefighting, which has its roots in cyber insurance after the 1666 Great Fire of London

The Great Fire of London in 1666 nearly destroyed the city forever. Thousands of Londoners lost their houses and businesses to this tragedy and, as a result, fire insurance was created.

Before this dramatic historical event, only marine insurance existed, as it had been designed for vessels heading to the New World.

Insurance companies quickly discovered that the most cost-efficient way to handle fires was to build private fire brigades (or “fire #incidentresponse” teams), as they were able to put out the fire more quickly, limiting the damage it created and, in turn, limiting claims.  

It was later discovered that having a single large fire brigade was more resource-efficient, and so several insurers came together to build a unique, stronger team of professional firefighters. Eventually, the British government accepted that firefighting should be a public service, and instituted a national brigade by nationalizing the insurance companies’ private fire brigade.

In Ray Dalio’s words, we are often surprised by cyclical events that last occurred before we were born. This may be the case with the history of firefighting.

At Blackpanda, we believe that cyber insurance and cyber #incidentresponse are merely the digital versions of fire insurance and firefighting, and over the past few years, we have observed the same business model as firefighting to be fitting for the field of cyber incident response as well. We strongly believe that all humans have the right to self-defense.  We can call emergency services when a bad guy robs our home, but there is no such help when the same bad guy robs us via digital means.

The only cyber security hotline presently available at the moment are incident response (IR) retainers or cyber insurance. At the moment, retainer cost is extremely high and only larger companies can afford them, and cyber insurance can be cumbersome or difficult to purchase, albeit an overall superior product. While Blackpanda can provide both traditional IR retainers and cyber insurance, like conventional vendors in the market, we also have utilized our unique convergence of cyber security services, technology, and insurance acumen to create something much better for the mass market.  Our vision is to leverage the elegant insurance business model, enhanced by machine learning-driven insurtech solutions, to distribute cyber digital forensics and incident response to everyone, just like London’s fire insurers did 400 years back.

We want to democratize cyber incident response similarly to how we all enjoy democratized firefighting services.

We believe that the business model of IR retainers is insufficient to sustain a true professional crisis response unit. We know all too well from our days as young Okinawa-based counterterrorist officers in the US Army Special Forces that training and maintaining expert crisis responders is a long, complicated, and expensive process. It is no wonder there is such a quick rate at which IR specialists drop out from the market due to burnout after a mere two or three years, and we observed the same problem in earlier years of Blackpanda.  It is clear from any basic military operator’s eyes that this high churn rate means that the operational tempo is too high, and there needs to be a dedicated rest and training cycle to sustain long-term, continuous battle operations.  This means that the IR business needs to make possibly as much as two times the traditional model to sustain a true professional crisis response unit over a long time horizon, and the traditional cyber IR retainer model is not capable to achieve this hurdle.

It took seven years of hard work, great pain, and trial-and-error for Blackpanda to build the necessary components and finally arrive to this ultimate destination after serving many companies facing both physical and cyber crises in Asia–not terribly unlike the fire insurance industry’s accidental birth of firefighting from the Great Fire of London in 1666.

We enjoy democratized firefighting services by paying tax.  Everybody pays a little bit into the kitty to cover the services for the unfortunate few that suffer a fire.  Blackpanda is synthetically creating the same firefighting model in the private sector via the insurance model.  We will collect a little bit into our kitty to cover the cybersecurity incident response services for the unfortunate few.

Our view of the world has always been one of collaboration because we believe a “Cyber 9/11” or digital equivalent of “The Great Fire of London” is coming, and firefighters will need to collaborate for the sake of all of us.  We believe that eventually the insurance industry will drive consolidation of IR firms for better resource allocation as well.  The competitor to us has always been the adversary (“the bad guys”), not our peers in the market, who we view as adjacent units in the same fight and always as potential partners who may reach out one day with coordinating actions.  We hope to add a formidable cyber incident response “one kick” to the team and humbly offer our services to the Asia region.

Interested in speaking to a DFIR specialist?

Contact Us

Trusted by the best to defend against and respond to cyber crises.

See our partners