Watch It On:
Podcast:
Recorded on:
The Data Breach Playbook
February 17, 2025
When a breach hits, it’s not just about stopping the attack — it’s about understanding exactly what was accessed, how far it went, and who needs to be notified. In this episode of The Data Breach Playbook, we discuss the real role of digital forensics during an incident response. Jason Simmons (Mills Oakley - Cyber Law) and Andrew Brett (Infosure - Cyber Insurance Specialist) join Liam (EvolveCyber) to unpack what actually happens behind the scenes of an investigation—from legal privilege and insurer coordination to the emotional toll of notifying clients that their data has been compromised.
We explore:
🔹 Why “just changing passwords” isn’t enough
🔹 How forensic evidence drives legal and regulatory decisions
🔹 The cost tension between doing it right vs. doing it cheap
🔹 What separates a professional notification from a PR disaster
🔹 Why MSPs and brokers are crucial in the early hours
👨🏻💻 Host: Liam Benson – Cyber Strategist, Director, Evolve Cyber
🔗 LinkedIn | Company LinkedIn | Website
Special Guests:
👨🏻💼Jason Simmons – Cyber Law Expert, Partner, Mills Oakley
🔗 LinkedIn | Company LinkedIn | Website
👨🏻⚖️ Andrew Brett – Cyber Insurance Specialist, Director, InfoSure
🔗 LinkedIn | Company LinkedIn |
Hello and welcome this is Liam from Evolve Cyber. I'm joined with Jason Simmons. And Andrew Brett. Welcome to the first episode of the Data Breach Playbook. Lessons for Every Business Leader. So data breaches are becoming more frequent and the impact can be devastating. This podcast we're bringing together experts from different fields, cyber law insurance and cybersecurity to share real world experiences.
Our goal is to cut through the noise, raise awareness, and provide practical insights to help businesses navigate the complexities of a cyber breach, and ideally learn enough from this podcast so that they don't experience a cyber breach because cyber breaches are not fun. As we'll discuss a little bit later.
So in this podcast, as I mentioned before, we've got Jason and Andrew, so rather than hearing me, yap. The whole time I thought I'd get some more qualified experts in the room to just share some share their experiences, share some tips, and share some more information. I will get maybe Jason, yourself, if you wanna share just a little bit about what you do at Mills and Oakley.
What's your day to day look like? What's been your experience in the cyber industry? I.
Yeah. Thanks Liam. Yeah, it's great to be on the pod with you and Andrew, really appreciate it. What do I do day to day? I lead the cyber practice at a national law firm by the name of Mills Oakley.
We're all about helping organisations and some individuals with cyber incidents, whatever form. They may come in a lot of them are data breaches. Be business, email compromises, invoice frauds, ransomware attacks, you name it. We help through the whole process from the moment they discover something's off right through to hopefully wrapping it up.
And it hasn't impacted them too badly, right through to if unfortunately, they may face a regulatory investigation or heaven forbid, litigation. We act on their behalf. But also because we don't like waiting until organisations suffer an attack. We also advise a lot of organisations on how to prepare for the inevitability of suffering an attack whether that's through a simulation exercise.
Helping them with planning, giving them some legal advice about where the law is at in, in their particular area. Whether that's from critical infrastructure, financial institutions, accounting firms, small businesses, you name it. We help 'em out and we have a. We have a great team. I have I've got three specialists in my direct team.
A couple of lawyers great people, and also a cybersecurity incident response specialist. And then across the firm we also have three other partners who specialise in three other particular areas of cyber, as we call it. One in privacy in government based in Canberra. Another part partner up in Brisbane who specialise in tech contracts.
And another who shares the office with me in Sydney who specialises in ai digital law, ICT stuff. So we cover the full spectrum of cyber as it's now known in 2025. And yeah, looking forward to getting into some of the nuts and bolts.
That's awesome. That's quite a I'm very excited to hear everything that you will be sharing because it's not for me at least, I don't get to talk to people like yourself who have got such a high skill level and work across such, I guess I would consider high end situations and things like that.
So I'm really excited. Thank you very much for that. We've also got Andrew, Brett do you want to give us a quick run through of what you do as well?
Yeah. Yeah, I'd love to and thanks for having me, Liam. Actually was really excited to jump on this 'cause I think it's a huge opportunity to get three very different backgrounds yeah.
Discussing the same, the same end result. So yeah. My name's Andrew Brett I'm the founder or co-founder and director of Infos. Sure. So what is info? Sure. I think to sum it up, and I think it's really probably important to go into that is, so I spent eight years doing general insurance. So your more physical, traditional risks of property liability motor vehicles.
So after eight years I just noticed a shift in the sort of digital risks that were coming on the forefront. And we just decided to dive right in and specialise in cyber insurance. It really began to be quite frank, and it was really nice to come outta the bubble.
I, I actually went to an it event and just was walking around the room looking all happy and going, what do you guys think about cyber insurance? Thinking I'd, I'd get some really good conversations and to be honest, I left with black eyes. I, and I'm glad I did because it really I left there thinking we've done the right thing.
So I, I. I just like Jason. We have a few people on the team that have different skill sets, but most importantly we do work with, over 45 cyber and IT partners across Australia. But people like yourself, LA I think that are really on the front foot with where cyber insurance is or fits.
And that we'll go into this later, but that it's not the enemy, it's not the dark arts. When I'm not vor there for a specific purpose. Just like legal, just like PR and all the other things we're gonna discuss. So yeah, look, we we love our cyber insurance. We've been doing it for just shy of two years now. And we're absolutely learning new things every day, which I think is really important.
I think the, as I'm sure you guys would agree, cybersecurity, there's something new every single day. Hearing the term two years sounds very short, but in the cyber world, that's quite a long time because of how quick things move. Yeah it's good
in perspective. I think a brick's been a brick for what, a couple thousand years.
So when you're looking at a building risk, it hasn't really changed much.
A hundred percent. No, absolutely. And yeah, I think on the cybersecurity insurance front as well, I'll be honest, I did not know much about it at all. I'll be completely honest, it did scare me for a little while because.
I don't know what this thing is. I don't know how it works. I don't understand the concepts and the terminology in the policy that I get. I read it and I go, what the hell does this mean? But over the last couple of months, working with yourself, Andrew, you've been able to help educate me and help me understand why cybersecurity insurance is so important.
And I think us three in the room too, there'll be a vast array of experiences shared from. What I do, what you do, Andrew, and then what you do as well, Jason, because really if you paint on the timeline, we all have our different kind of spaces and ideally I. Ideally, businesses don't want to have to get to the point where they might have to engage you, Jason, because by that point it may be too late, but we'll get to that later on in the podcast.
I'm really excited for that. I haven't actually introduced myself and what I do, so my name's Liam Benson. I'm the director of Evolve Cyber. Recently just rebranded, so I thought I'd turned my flashy little light on 'cause I think it's quite cool. But we're a managed security services provider based here in Melbourne, Victoria.
Got a small team as well. And really what we do is just help businesses understand their cyber and their technology risk. Now, probably not to the same extent of Jason, because your team's quite vast in their skillset, but we work more on the smaller end of town. And where I am really trying to place the business is in a place where.
We can help businesses who know they need to do something with cybersecurity, but know, dunno where to start working with them to help them understand, okay, where is everything at with all of your systems? How do we tie it all in together and how do we move forward to make sure that you are secure And then working with people like Andrew to make sure you've got cyber insurance.
So if something goes really wrong, and I think that's a really important point to note that, you can't stop a data breach 100%. You can't stop cyber incidents 100%. You can really do as much as you can and then making sure that you've got cybersecurity insurance to cover you. So when Jason gets called your bank account is still intact.
I do get better feedback from clients who have insurance picking up my fees instead of.
Yeah. A hundred percent. A hundred percent. I think I would love to ask the both of you what would be in particular one sort of myth in your space or maybe you see on LinkedIn or you hear from people, and maybe we'll start with you Andrew, 'cause I know you might have a few and that's okay.
What's a myth in your space that when you hear you go, nah that's not right. What's one of those myths?
I. I think there's two. I think that I'm gonna have to be cheeky and say, there's two myths. Go for it. Go for it. I think, yeah, I'll split it into two. And to be honest, like the first one is that, you know it.
I think a lot of people that I've spoken to think that it's insurance companies dictating the claim. Where I try to stress him, it is people like Jason and Jason does insurance and non-insurance work, so he's not, he doesn't work for an insurance company. Yeah, he gets paid by them, but he still works independently as Jason.
So I try to explain to people, like a lot of the people, and look, let's get blunt, 'cause let's get spicy. A lot of the people that are bashing cyber insurance, a lot of people that are bashing cyber insurance, like you're actually bashing your own kind. Because all the people I work with are actually either, within the cybersecurity field or they're attached to it.
And what I mean by attached to it is these like digital forensics specialist PR firms and, specialist cyber lawyers like Jason. So you. We, these aren't insurance people that come in and go, oh look, we'll give it a crack. It is what it is. So the first one is that, yeah, the people that are gonna assist you with the cyber insurance policy, actually you'd be working with them whether you had insurance or not, if that makes sense.
As Jason said, the difference between the billing between him with insurance and without his chalk and cheese. And I'll let him, I'll let him go in on that, but, and then obviously the second one is the big one, which is cyber insurance doesn't pay. This is where I will get pretty definitive because if you listen to this podcast, you came for the source.
Most of the time there is a clear reason why a policy is declined. And it's either that a sub limit or a particular cover wasn't taken. It's that. Information wasn't actually discussed between the broker, the client and any other parties. So what I mean by that is, it's an assumption or there, there's no person in that insurance placement process that could guide it.
And when I see a person, I specifically mean the insurance broker because if your. I'll put this bluntly. The client and the IT person or the client in cyber do not have Australian financial services license. They do not have any qualifications, so the insurance broker really needs to be dictating the conversation.
Now, again, I. I can only speak for info sure. But we are the ones who drive the insurance conversation. We're the ones that will explain why which insurers want, have minimum requirements. Some of them are a bit more lenient. Why some insurers won't give you a limit. That you're asking for why some insurers use different instant response providers, why some insurers do it in different ways.
I think the myth of it doesn't pay is long gone outside of the sense that, I hate to be rude, but if you go by direct insurance yourself, you, most people get what they get and then they get upset. Whereas if you actually make a calculated, an educated decision on what you're buying and you have someone that can provide that to you.
Heck, you might not like it, but at least you know what's put in front of you and you'll know whether you can some people with our clients, they'll say, look, we really want to cover for this. And I'll say, look, you need to do x, and x before you can get that. And it's a real conversation piece.
So yeah, I'll summarise because I could really go on all day about that one. But I think, yeah, the fact is the people that are gonna respond to your cyber insurance policy, number one, are gonna be actual cyber professionals. And the second one is that the right policies pay.
Yeah. Great point.
And I might just take the opportunity right now just to expel a bit of a myth from my perspective. You touched on the Australian, what was it, the A-E-F-S-L, was it, is that the license?
Australian. Australian Financial Services License. Gotcha. So yeah, that's what sits above. And then under that, you need a minimum of a tier one, what's called a tier one qualification to discuss any, insurance, cyber insurance.
I know people love that c word at the front cyber, but it's still a financial product. It's still, as far as ASIC's concerned it's still a very heavy regulated. Product
a hundred percent. And so someone like myself or IT service providers are not actually again against contra not contrary belief, but IT service providers can't actually advise on cyber insurance.
Is that right? 'cause they're not licensed.
Yes. And I'll give you a great example. I say to, 'cause I actually, I not, I don't know if the coach is the right word but I teach my IT providers what they can and can't say. Now you can say things like, you should look into a cyber insurance policy because it will financially assist you in a cyber incident.
So you can suggest that they have the conversation. But what, where I'm finding that what people are crossing the line is, I heard the other day. I heard someone say, we don't like this insurance company. We like this one. Now you're starting to give people more personalised advice.
You start to tell 'em about products. You say to discuss actual insurance products, and you gotta be, you gotta be very careful. Because the end result is if someone followed that advice and made a decision and suffered a loss from that, or they're gonna, instinctively, as humans do, they're gonna point the finger and go you told me to do that.
Now the difference is I have. Professional indemnity insurance. Jason has it. You have it? Yep, we have it. And we only got that on the basis that we have our licenses, we have our requirements, we're allowed to do what we do. So outside of. The gray area. The fact is even your insurance is gonna go any MSP, any MSSP, any whatever acronym they want to go by, first thing that's gonna happen is they're gonna go to the insurance company and say, oh, I need to do a claim.
Someone's coming after me for X. And they're gonna say no, sorry buddy. You don't qualify for that because we don't cover that. Yeah. But yeah it's like most things, general advice and personal advice, it's, I think the hard part is people aren't, they're they're gray.
There's gray areas. People are straying into gray areas where they're giving they're making very they're they're advising. Just to summarise.
Yeah. Yeah. No, that makes sense. Thank you for clarifying that myth for me. Yeah. I, I. It is a very enlightening conversation. I think the legalities of that are quite often forgotten, at least from my side of the fence.
'Cause in my side of the fence in my world, in my industry some people have their heads in the clouds and haven't had asic come knock on their door yet. But anyway we'll park that conversation there for a second. I'd love to move over to Jason from your perspective and you might have some, some experience to share based on what Andrew has just mentioned as well. But if there's this particular myth that you would love to expel around the topic of cybersecurity, please by all means. And you can even have two myths if you like.
Yeah, sure. I'll I'll take two. First one is that cyber incidents only impact larger organisations.
I reckon I talk about that a lot. Small business owners need to appreciate that. Cyber criminals usually actually most of the time, don't care who they're attacking. They're not. They're not targeting organisations by revenue size, by employee number, by the notoriety of your business name. They are going across a network that most of us don't understand looking for.
An easy metaphor is a criminal walking down the street, looking for the door that's open to the house so that they can nick the TV easily. They don't know how much the owner of that house is earning, they just steal the tv. Same kind of concept. So if you happen to be a small business who has an actor.
Get inside your network and do some nasty things, steal your personal information, you hold, or even your business confidential information. You suffer in the same way that a larger organisation suffers. So that would be a huge myth that needs to be dispelled yesterday. And the second one the second one is, and this comes up too.
Adding to some source that Andrea's added is that there's no competition between cyber insurance and cybersecurity in assisting businesses with cyber risk. They work together. And what I mean by that is it's not a case of, oh I'll buy cyber insurance so that if I have an incident, the insurer will pick up the tab and I'll move on.
Or another organisation might say I'll buy more security. I won't buy insurance, and that'll help me prevent me from having an incident. The problem with both of those scenarios is that if you buy insurance, and don't worry about your security, you're just asking for pain. Yeah, and your insurer's not gonna like that, particularly when renewal comes around.
I'm sure Andrew will talk about that. And secondly, if you just uplift your security, we all know, surely we all know now that you can still suffer a successful attack because no security can prevent, humans making. In their day-to-day work, which enables a compromise to happen. And we've seen the biggest organisation in town that spend tens of millions every year on security get hacked.
So can you be So that's why I'm really beating the drum and working, with yourselves on making sure we're telling. Australian small business particularly that they can uplift their security and please do, at the same time, they can talk to Andrew about buying cyber insurance if they haven't already.
Yeah, because having done those two things, you are now going to be the house that has the door closed and no longer be easy. Target. But if they somehow get in, still you've got the support that you are gonna need so that you don't geez, I could take this metaphor. You don't have toose on the house as a result of that attack.
Yeah, they're probably the two myths that I like to share the most, mate.
A hundred percent. A hundred percent. And I think I think, yeah, exactly that. I can't tell you how many conversations I have with business owners who sit across the table from me and say, Liam, it'll never happen to me. And I sit there and I protest and I say, maybe not as nice as this in my head.
I say yeah, until it does, because it's gonna happen at some point. It just takes one thing after another and yeah. That's such a great point. My, my myth was gonna be pretty much along those lines, and you've summed it up perfectly, Jason, that. Data breaches do happen. Compromises do happen.
They happen more often than or think. And, if you're a proactive business owner, if you're a proactive person, having the right things in place to make sure that when that rainy day comes, you have got the right supports in place. Because I think, and maybe you know, Jason, you can share a little bit more on this, but when a breach happens, the last thing you wanna be doing is.
Pointing fingers. I think, getting in and sorting out the problems and making sure that you're, as you're able to assess the damage and make sure that you minimize the damage is more important than pointing fingers,
yeah, absolutely. In fact, sometimes I feel the support we're able to give organisations, we actually have to keep saying to them, oh no, we still need to engage with you and need your assistance with these things.
It's not a. Your insurer and and forget about it. We still work with the organization to get through, but it's they have that people who have done hundreds of incidents and are working on other incidents. As we speak, we understand the current threat environment.
We understand how the regulators work. The kind of questions that they may ask. We understand how you, your employees and your customers are likely to respond when they receive a notification. We understand. We personally know the people, within the agencies of the government that assist you through an incident and that gives you access that's impossible to get yourself, to be honest, unless, unless you do a considerable amount of work at the time of the incident, when you are trying to run your business at the same time, or survive or live your life. Instead we've already established, all those relationships and all those processes so that it enables you to continue, building your widgets and providing your services.
We're helping you through and 'cause it, and I probably put this back to Andrew is our ultimate job when we're instructed is to actually get the business back to normal as soon as possible and make sure they've complied with the law and that's it Otherwise. It's not about anything more than that when it comes to that pure incident response service that a cyber insurance policy provides.
Yeah.
Yeah. Good point. You actually made a great point there, Jason. You meant buying through, buying a policy, and someone did say this to me in a, in an analogy was, a cyber insurance policy probably needs to be more seen as an incident response retainer solution. So let's flip the script and say, Hey, you give me $2,000 for a million dollar policy.
You've just retained Jason and his team for two grand a year. Go find me a lawyer that will do an instant response for two grand. And I'm not gonna tell you, you should do that instead of doing cybersecurity, as he said I'm not gonna be like, oh, buy the house insurance and don't put a deadlock on the front door.
That just wouldn't, would work. I can only speak for him for sure, but it wouldn't, it would never happen. You'd say buy the deadlock. In fact, you're not gonna get the house insurance without the deadlock. So you have to go do this because an insurer's not gonna go, oh, we'll put the, as Jason said, we're not gonna pick up the tab on the house if you didn't have any locks or fire extinguishers or fire alarm.
It's not a, we're not a charity. So yeah, I think you've nailed it, Jason. You get access to people like yourself, which you just don't without that it
And I think just to tag off the back of that it's one thing also too, and again, this is coming back to my experience with speaking with people.
It's one thing to. When you're sitting and everything's calm and your business is performing well, I think it's one thing to sit there and go, oh yeah, we'll be fine in a breach compared to when, your bank accounts potentially might be locked or there is no money in the bank accounts and you've got to pay staff, you have to pay wages, you still have to pay your mortgage or your rent on your commercial building.
You know when that's all happening. That is a completely different state of mind to. When everything's all good and, the sun's shining and life's good. Do you know what I mean? That's so Oh, absolutely
absolute. And the other thing is people would say, I hate to be bleak, but when you crash your car, when you're building a fire, you can actually see the risk.
You can see the danger. Most cyber incidents, you gotta find it. It's not, it's a whole new world like, I hate to say, but you're like, oh, something's going wrong. I don't have a clue where it is, what it is, how fast it's moving. I don't know who's doing it. At least with a fire. I'm not saying it's any better, but at least with a fire or sort of traditional physical risk, you're like, that's the fire.
Like it's right there. I can see what it is. Jason and his team have to go find it before they can tell you the scope of it. Yeah, look
and some of the incidents we're working on at the moment it's becoming both that non-visual risk, right? Like an actor in your network doing you're not sure what they're doing, what they've done, what they've stolen.
But secondly, we're also seeing a lot of extortion of small businesses, particularly whether that's through a. Social engineering whereby they're able to fool you or your client into sending a bunch of money to the criminals bank account. And so straight away when we're notified, the business might be in the can for, 50, a hundred thousand dollars.
Straight off. Straight off the top. They might have a client demanding, hang on, we want that money paid.
That amount of coin as a small business quickly so that you can maintain that relationship. What if that's one of your major clients, that would've expected you to have? And they'll make assumptions like, oh, their security mustn't be good enough, or they did something wrong. You could be completely innocent, have a very sophisticated attacker, conduct what they've done.
But regardless, you've got a debt to pay and that's the way the courts will look at it. And we can get into the weeds of that through this series. But absolutely cyber insurance is there to advise on to I advise the insurer on the coverage of that. That fraudulent payment. And that's, that is so invaluable to a business to be able to be made whole for that immediate financial loss.
A lot of people aren't aware probably of that coverage on the cyber insurance.
No, and I think definitely if I look again back on my knowledge and experience of cyber insurance prior to a well-rounded education from Andrew, for example, and others. No the information's not there. And I think one, one of the things that, we hope with this podcast is that there'll be a bit more knowledge around cyber insurance to help paint it in a positive light because it absolutely is something that is necessary.
And even just for all of our clients, I'm working through the process of getting, making sure that they have a cyber insurance policy. So again, when that rainy day comes, it's. A lot easier to manage and what do you're not having that call. What do you mean I need to pay a hundred grand?
You know, and I think I'd like to just fully wrap it up. I'd like to validate you there, Liam. The reason people don't know is I went to a conference with 160 brokers and I reckon I spoke to three that knew anything about cyber insurance. So you're talking about, I feel for the brokers, because they've gotta look, it's one of the only sort of professions where they've gotta look after 5, 6, 7, 8 policies.
And for the last 20, 30, 40, 50, 60 years, there hasn't been cyber. It's very new. Just to validate that there is a reason why I just don't want anyone listen to podcast going, why don't I know anything about it? It's, that's the reality of it. It, there's very little professionals that know what's going on.
On the insurance brokering side, there's insurers every day. That are putting content out and it's fantastic. But no, there is a it's hard. It's hard to find it. Yeah. And I'm not saying that on a bias level, it's just hard to find the right sort of advice.
Absolutely.
Absolutely. Stay tuned for the rest of the episodes. Before we close this out, I'd love to get a key prediction from both of you. One, one h will be fine. For 20 25, 20 26, or even beyond. I'd love to, to get some predictions.
Ooh, if you have one. Sure. Crystal ball moment. Alright. For the lawyer on.
On here I'll predict something. I predict this year one of our courts is going to give a judgment that has a material impact on incident response. And what I mean by that is that we're going to see one of the Australian judges actually look at how does privacy law, how does incident respond Response.
Work and how does a forensic report and findings and interact with the harm suffered by individuals impacted by that that incident. I think that would be helpful to everyone, large and small business owners, because we're going to get some, something from the bench as they say around, what is the ultimate risk?
To the business if it, if they do suffer an incident, if individuals are harmed, maybe you haven't managed it well, how can that hurt? You as a business, whether that's through damages being held against you or a penalty by a regulator. I think we're gonna see that this year.
Which case? I can't say there's a bunch of them ongoing at the moment, but I think one of them will give us some guidance.
Jason took 2025, so I'm gonna take 2026. I think, I actually think cyber insurance is gonna morph into what we know of public liability insurance. So there's gonna be a lot more internal contractual requirements from you as a smaller business to work with a bigger company.
Things like you need to provide us with the proof of that you have cyber insurance that you've been able to get it. And, whether that's even not just new tenders, but they might do a, businesses might put a thing out so that we need to make sure everyone that we work with, all our suppliers and vendors, we really need to make sure that you've, you've got that financial backing as Jason said. That's the whole point. There's no point in them gonna sue someone. They're going, oh shit, we're insolvent. It's, it goes with it. That's the brutal nature of insolvency. No one gets paid. Naturally people come in and say to protect that we need people to have financial backing.
So yeah, I think as in 2026, maybe not 2025, but cyber insurance, that sort of relationship businesses have with public liability insurance currently, that's what it's gonna start looking like for cyber because there is first party cyber li third party cyber insurance, but there's also a third party cyber liability.
Yeah, absolutely. And yeah, I think off the back of that, my prediction would be similar to that there. We're seeing, like I'm seeing this on the side of smaller businesses working on the large end of town, or have some sort of provide some sort of service to a larger entity. Supply chain compliance I think is gonna become almost mandatory in the sense of I don't exactly know how this will be potentially.
And look, again, I'm not a lawyer. That's why we have a lawyer in the room. Potentially from a, even from a contractual perspective. There are bigger organisations, like the Telstras and the A n Zs and the nabs and whatever they do, this supply chain risk assessment every 12 months, you've gotta fill out a questionnaire.
I think that's gonna start coming down to smaller bus or smaller and medium sized organisations on a regular basis of some sort. What that looks like, I don't know, but it'd be interesting to see as well. And again, I know we're. Probably gone a little bit over time, but if you have any knowledge or experience on either of this, please jump in.
It'll be interesting to see from a supply chain risk compliance perspective where you've got a small business, they've filled out this questionnaire, they've sent it back and said, we've got everything in place. It'd be interesting to see if there are potentially any instances in the future where something like that's happened.
An incident has occurred, the bigger entity has had some sort of impact because of this smaller entity saying they've got something in place and they don't. It'd be very interesting to see if there's potentially a case or something that happens in the future, because a lot of businesses I speak to, they say, yeah, no, we've filled out this thing.
And I'm like, okay, how many questions has it got on it? Oh, about a hundred, 150. I'm like, do you understand what each of that is? No, we just tick the box and send it off. We'll be fine. I'm like, oh, alrighty. Okay. Interesting. So it'll interesting as you said though,
as you said though Liam, it's, it, what is it?
It's good. It's good until it isn't. Yeah, that's right. So it's, that's just that, that's the Jason will go into it later. But it's Russia roulette. That's what you're playing. Yeah. You are putting the kids through school. You buy a jet ski. While it's good, but too many people have gone off the cliff when it's gone bad.
Yeah. So it'll be interesting to see from a futuristic point of view when that'll happen. But look, I think what we'll do is we'll finish it up there for the first episode. Thank you so much for joining us. Please tune in for the next episodes. These will be released weekly. I.
And you can find them on Spotify music Amazon, apple Music, YouTube as well. If you have any questions or if you wanna reach out to any of us in the conversation I will work on putting links down to book calls and things like that if you need to speak to any of us. But thank you so much for joining.
Tune in next week for our next episode, which will be inside a breach, the step-by-step destruction of a business. Thank you so much for joining us. We will see you soon.
