Cyber Insurance Might Actually Encourage Attacks

Technology is dramatically transforming the global business environment, with continual advances in areas ranging from artificial intelligence and the Internet of Things (IoT) to data availability and blockchain. 

Cyber risk has moved beyond data breaches and privacy concerns to sophisticated schemes that can disrupt entire businesses, industries, supply chains, and nations, costing the economy billions of dollars and affecting companies in every sector. 

The hard truth organisations must face is that cyber risk can be mitigated, managed, and recovered from, but it cannot be eliminated. 

The speed at which digital technologies evolve and disrupt traditional business models keeps increasing. At the same time, cyber risks seem to evolve even faster. More companies today are reaping the benefits of cyber insurance, with almost half of the respondents in Marsh and Microsoft’s 2019 Global Cyber Risk Perception Survey reporting that they have cyber insurance, compared to 34% in 2017. 

Nonetheless, some eperts are claiming  that cyber insurance can work against companies since cyber extortionists use it as an incentive to target firms.

In the report, “Cyber Insurance is Supporting the Fight Against Ransomware,” Marsh Insurance SVP and assistant general counsel for cyber policy, Matthew McCabe, outlines why this line of thinking around cyber insurance is incorrect. In fact, the coverage can be a useful tool for a company even before a hack or breach occurs.

“Number one, there’s utility in just going through the application for cyber insurance, in that it acts like a yearly assessment. You have a third party who’s kicking the tires on how you’re protecting your networks and how you’re responding to incidents, and that’s a source of maturation for companies,” said McCabe 

Sometimes the extortionist, do not return the decryption keys and make good on their promise to restore a firm’s network, resulting in a business’s operations coming to a halt. Therefore, one of the resiliency offered by cyber insurance is the financial risk transfer element that prevents expenses from piling up and draining a company’s pockets.

“If you lack that backstop of insurance, the company is simply out of pocket,” explained McCabe. “And even if the extortionist is good to their word and they will restore the network, it’s not as if you don’t incur any expenses. It might be less costly, but there are still costs involved with going through the incident.”

Another misconception around cyber insurance is that insurers don’t pay out claims.

McCabe cautions that again, this is not the reality. In recent years, with the NotPetya attack and an evolving data and privacy regulatory environment, cyber insurance solutions have developed accordingly. 

“Insurance has gone through an evolution - there’s more and more covered and over past years as threats have grown, cyber insurance has actually responded by expanding coverage to adapt to the new types of consequences that companies might suffer.......There’s nothing more spurious and frustrating than to see articles published with questions like, does cyber insurance pay claims? Of course it does.”

In a recent survey conducted by Mirsosoft it was reported that there was higher than ever confidence in the ability of cyber insurance to pay off, and that’s because so many customers have had claims and the insurance has responded.

“I think there’s a comfort that the insurance will be there to pay off the claim and I think there’s an appreciation that the scope of coverage made available really is valuable.” said McCabe

Insurance Business:        Microsoft Blog

You Might Also Read:

Cyber Insurance Is Unsustainable On Its Current Path:

Cyber Insurance Will Reshape Cyber Security:

 

 

« Tech Giants Have Facilitated An Online Slavery Market
WEF Report Confirms Cyber Attack Risk Is Growing Worldwide »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Information-Technology Promotion Agency (IPA) - Japan

Information-Technology Promotion Agency (IPA) - Japan

IPA is an implementing agency in Japan with a role to address Information Security, IT Systems Reliability and IT Resource Development.

VADO Security Technologies

VADO Security Technologies

VADO Security enables the safe transfer of data between low & high security networks.

CERT NZ

CERT NZ

CERT NZ supports businesses, organisations and individuals affected by cyber security incidents, and provide trusted and authoritative information and advice.

Computest

Computest

Computest security testing services include Mobile app security, Vulnerability assessments, Attack & penetration testing, Security awareness training, Network security assessments.

AlAnsari Technical Solutions (ATS)

AlAnsari Technical Solutions (ATS)

ATS is a Kuwait based company specialised in delivering hardware/software, Virtualisation, IP Telephony / Unified Communication, Networking and professional IT services and solutions.

BlueFiles

BlueFiles

BlueFiles enables users to send encrypted files securely while maintaining full control over recipients, access periods, downloads, and printing.

Salt Security

Salt Security

Salt Security protects the APIs that are the core of every SaaS, web, mobile, microservices and IoT application.

101 Blockchains

101 Blockchains

101 Blockchains is a professional and trusted provider of enterprise blockchain research and training.

Banshie

Banshie

Banshie is an independent cyber security company with a small team of recognized specialist that are among the best in their field.

InGuardians

InGuardians

InGuardians is an independent information security consulting firm specializing in penetration testing, threat hunting, and hardware hacking.

Octiga

Octiga

Octiga is an office 365 cloud security provider. It offers Office 365 monitoring, incident response and recovery tools.

CyberGuard Technologies

CyberGuard Technologies

CyberGuard Technologies provides a suite of fully managed end-to-end security services from its 24/7 UK security operations centre.

Cranfield University

Cranfield University

Cranfield Defence and Security are at the forefront of their fields, offering capabilities ranging from cyber security and digital warfare to robotics, forensic sciences and simulation and analytics.

Tentacle

Tentacle

Tentacle has developed a configurable data management tool that helps organizations to improve their information security programs and overall security posture.

ProArch

ProArch

ProArch is a global team of multidisciplinary experts in cloud, infrastructure, data analytics, cybersecurity, compliance, and software development.

Binarii Labs

Binarii Labs

Binarii are focused on helping enterprises to design and deploy SaaS solutions that utilise DLT (Digital Ledger Technology) effectively, efficiently and sensibly.