Cyber Insurance Might Actually Encourage Attacks

Technology is dramatically transforming the global business environment, with continual advances in areas ranging from artificial intelligence and the Internet of Things (IoT) to data availability and blockchain. 

Cyber risk has moved beyond data breaches and privacy concerns to sophisticated schemes that can disrupt entire businesses, industries, supply chains, and nations, costing the economy billions of dollars and affecting companies in every sector. 

The hard truth organisations must face is that cyber risk can be mitigated, managed, and recovered from, but it cannot be eliminated. 

The speed at which digital technologies evolve and disrupt traditional business models keeps increasing. At the same time, cyber risks seem to evolve even faster. More companies today are reaping the benefits of cyber insurance, with almost half of the respondents in Marsh and Microsoft’s 2019 Global Cyber Risk Perception Survey reporting that they have cyber insurance, compared to 34% in 2017. 

Nonetheless, some experts claim that cyber insurance can work against companies, since cyber extortionists use it as an incentive to target firms.

In the report, “Cyber Insurance is Supporting the Fight Against Ransomware,” Marsh Insurance SVP and assistant general counsel for cyber policy, Matthew McCabe, outlines why this line of thinking around cyber insurance is incorrect. In fact, the coverage can be a useful tool for a company even before a hack or breach occurs.

“Number one, there’s utility in just going through the application for cyber insurance, in that it acts like a yearly assessment. You have a third party who’s kicking the tires on how you’re protecting your networks and how you’re responding to incidents, and that’s a source of maturation for companies,” said McCabe.

Sometimes the extortionists do not return the decryption keys or make good on their promise to restore a firm’s network, and the business’s operations come to a halt. One form of resiliency offered by cyber insurance is therefore the financial risk transfer element, which prevents expenses from piling up and draining a company’s pockets.

“If you lack that backstop of insurance, the company is simply out of pocket,” explained McCabe. “And even if the extortionist is good to their word and they will restore the network, it’s not as if you don’t incur any expenses. It might be less costly, but there are still costs involved with going through the incident.”

Another misconception around cyber insurance is that insurers don’t pay out claims.

McCabe cautions that again, this is not the reality. In recent years, with the NotPetya attack and an evolving data and privacy regulatory environment, cyber insurance solutions have developed accordingly. 

“Insurance has gone through an evolution - there’s more and more covered and over past years as threats have grown, cyber insurance has actually responded by expanding coverage to adapt to the new types of consequences that companies might suffer... There’s nothing more spurious and frustrating than to see articles published with questions like, does cyber insurance pay claims? Of course it does.”

A recent survey conducted by Microsoft reported higher than ever confidence in the ability of cyber insurance to pay off, and that’s because so many customers have had claims and the insurance has responded.

“I think there’s a comfort that the insurance will be there to pay off the claim and I think there’s an appreciation that the scope of coverage made available really is valuable,” said McCabe.

Insurance Business:        Microsoft Blog
