The policies are written by folks who have no understanding of different operating environments. The requirement "All servers and workstations must have EDR software installed" leads to top-level execs doing a deal with Crowdstrike because they "support" Linux, Mac, and Windows. So then every host must have their malware installed to check the box. Doesn't matter if it's useful or not.
Indeed and insurance too. For our business, our professional errors and omissions coverage for years had the ability to cover cyber issues. No more. That requires cybersecurity insurance and the underwriters will not entertain underwriting a policy unless EDR is in place. They don't care if you are running OpenBSD and are an expert in cybersecurity who testifies in court cases or none of that. EDR from our list or no insurance.
