Cyber Attacks Cause Catastrophic Business Loss

A report from the US Government Accountability Office (GAO) has warned that private insurance companies are increasingly backing out of covering damages from major cyber attacks, leaving American businesses facing “catastrophic financial loss” unless another insurance model can be found. 

“Cyber insurance can help offset costs of some common cyber risks, like data breaches or ransomware. Cyber risks are growing, and cyber attacks targeting critical infrastructure, like utilities or financial services, could affect entire systems and result in catastrophic financial loss,” says the GAO Report.

The growing challenge of covering cyber risk is examined in the GAO report, which calls for a government assessment of whether a federal cyber insurance option is needed. The GAO report draws on threat assessments from the National Security Agency (NSA), Office of the Director of National Intelligence (ODNI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Justice to quantify the risk of cyber attacks on critical infrastructure, identifying vulnerable technologies that might be attacked and a range of threat actors capable of exploiting them.

Referring the current ODNI Annual Threat Assessment Report the GAO report finds that hacking groups linked to Russia, China, Iran, and North Korea pose the greatest threat to US infrastructure, along with certain non-state actors like organised cybercriminal gangs. “Although federal agencies do not have a comprehensive inventory of cybersecurity incidents,” the report reads, “several key federal and industry sources show an increase in most types of cyberattacks across the United States, including those affecting critical infrastructure, and significant and increasing costs for cyber attacks.”

In 2016, US businesses and public bodies were hit with a total of 19,060 incidents in the four major categories, ransomware, data breaches, business email compromise, and denial of service attacks, with a total cost of $470 million, per a GAO analysis of FBI reports. In 2021, there were 26,074 incidents, and the total cost was close to $2.6 billion.

According to the US Department of the Treasury, some insurers have also been mitigating their exposure by lowering the maximum amount that a policy will pay out in the case of a cyber attack as well as  increasing premiums to protect themselves from losses. 

Further evidence that some insurance companies are pulling back from coverage in infrastructure sectors entirely, the GAO found, judging the risk of attack as too high. Overall, the GAO report suggests that CISA and the Federal Insurance Office undertake an assessment into whether the above factors necessitate a federal insurance response along the lines of FDIC insurance for bank deposits and the National Flood Insurance Program.

US GAO:      US GAO:    US DNI:    The Verge:   ZDNet:   CPS-VO:   InsideERA:   

You Might Also Read: 

Global Cyber Security Insurance Market Will Grow To $61.2B:

 

« Google Improves Password Manager Platform Security
How Do You Solve A Problem Like The Cyber Security Skills Gap? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

VMworld

VMworld

VMworld is a global conference for virtualization and cloud computing, including associated security issues.

Duane Morris LLP

Duane Morris LLP

Duane Morris is a global law firm with offices in the USA, UK and Asia. Practice areas include Cybersecurity.

Aptive Consulting

Aptive Consulting

Aptive is a cyber security consultancy providing Penetration Testing and Vulnerability Assessment services.

Certes

Certes

Certes is a pioneer in delivering cutting-edge security technology solutions, with a specific focus on Data Protection Risk Mitigation (DPRM).

Illumio

Illumio

Illumio delivers adaptive security for every computing environment, protecting the 80% of data center and cloud traffic missed by the perimeter.

Atea

Atea

Atea is the market leader in IT infrastructure for businesses and public-sector organizations in Europe’s Nordic and Baltic regions.

Secmentis

Secmentis

Secmentis is a cyber security consultancy specializing in penetration testing, threat intelligence, and proactive defense for your IT infrastructure.

Nouveau

Nouveau

Nouveau Solutions is a specialist IT managed services company with a strategic focus on delivering cloud, infrastructure, compliance, network and security solutions.

FoxGuard Solutions

FoxGuard Solutions

FoxGuard Solutions develops customized cyber security, compliance and industrial computing solutions for critical infrastructure entities and control system vendors.

Digiserve

Digiserve

Digiserve by Telkom Indonesia is an end-to-end managed solutions provider committed to empowering enterprises in Indonesia.

Zymbit

Zymbit

Zymbit provides hardware security modules (HSM) for IoT devices, including Raspberry Pi and other single board computers.

Yellow Brand Protection

Yellow Brand Protection

Yellow Brand Protection operates 24/7 to protect brands' Intellectual Property (IP) from infringements on all kinds of online distribution channels.

Activu

Activu

Activu makes any information visible, collaborative, and proactive for people tasked with monitoring critical operations including network security.

AirITSystems

AirITSystems

AirITSystems offer companies comprehensive IT security solutions that take all security considerations into account and are tailored to your business.

CentriVault

CentriVault

CentriVault is a leading independent provider of Cyber Security and Data protection services to small and medium enterprises (SMEs).

Hilltop Technologies

Hilltop Technologies

Hilltop Technologies is a cybersecurity company specialized in managed security services and consulting tailored for all sectors from higher education to publicly traded companies.