Dear Sir,

The absence of IPv6 within our organizational network is a deliberate and carefully considered decision, implemented in accordance with the requirements of our current cyber insurance provider. Enabling IPv6 would invalidate our existing insurance coverage, which in turn would result in the loss of a critical client whose continued partnership depends on our maintaining this specific insurer. This dependency arises from regulatory obligations that compel our client to source services exclusively from suppliers holding cyber insurance from accredited providers.

We recognize the technical benefits of IPv6, but compliance and risk management considerations must take precedence under these circumstances.

Absolutely wild. Sounds like there were organizational problems where the correct technically-minded people weren't invited into the vendor eval process for that "insurance" provider, nor were they given the ability to push back on insane requirements from a customer.

This is a symptom of hiring the cheapest, least sophisticated box-ticking compliance and insurance providers. How do I know? Because I've worked with more than I want to count. And that's all that they know how to do. Sure, they'll give you the certification, or the insurance, but it will be non-stop pain starting the day you sign the contract with them.

A real, competent provider/insurer would take the problem on head-on and be the adviser that you are hiring them to be. They would advise you about the real, actual risks and positives. Then you would have air cover to go tell the customer during the procurement stage to go pound sand. Insane that you would actually allow a prospective customer to dictate how you do things internally. That also smacks of the customer not having the technical sophistication to even know about the things they are demanding; they just read about the random lines they can throw in a contract because others did.

This industry is fucked and deserves every ounce of comeuppance coming its way.

Tell me you don't work in the industry without telling me you don't work in the industry...

Tell me you've never done compliance work without telling me you've never done compliance work.

What, specifically, about the above do you take issue with? These are all issues I've seen personally and up close.