Cyber Insurance Might Actually Encourage Attacks

Technology is dramatically transforming the global business environment, with continual advances in areas ranging from artificial intelligence and the Internet of Things (IoT) to data availability and blockchain. 

Cyber risk has moved beyond data breaches and privacy concerns to sophisticated schemes that can disrupt entire businesses, industries, supply chains, and nations, costing the economy billions of dollars and affecting companies in every sector. 

The hard truth organisations must face is that cyber risk can be mitigated, managed, and recovered from, but it cannot be eliminated. 

The speed at which digital technologies evolve and disrupt traditional business models keeps increasing. At the same time, cyber risks seem to evolve even faster. More companies today are reaping the benefits of cyber insurance, with almost half of the respondents in Marsh and Microsoft’s 2019 Global Cyber Risk Perception Survey reporting that they have cyber insurance, compared to 34% in 2017. 

Nonetheless, some eperts are claiming  that cyber insurance can work against companies since cyber extortionists use it as an incentive to target firms.

In the report, “Cyber Insurance is Supporting the Fight Against Ransomware,” Marsh Insurance SVP and assistant general counsel for cyber policy, Matthew McCabe, outlines why this line of thinking around cyber insurance is incorrect. In fact, the coverage can be a useful tool for a company even before a hack or breach occurs.

“Number one, there’s utility in just going through the application for cyber insurance, in that it acts like a yearly assessment. You have a third party who’s kicking the tires on how you’re protecting your networks and how you’re responding to incidents, and that’s a source of maturation for companies,” said McCabe 

Sometimes the extortionist, do not return the decryption keys and make good on their promise to restore a firm’s network, resulting in a business’s operations coming to a halt. Therefore, one of the resiliency offered by cyber insurance is the financial risk transfer element that prevents expenses from piling up and draining a company’s pockets.

“If you lack that backstop of insurance, the company is simply out of pocket,” explained McCabe. “And even if the extortionist is good to their word and they will restore the network, it’s not as if you don’t incur any expenses. It might be less costly, but there are still costs involved with going through the incident.”

Another misconception around cyber insurance is that insurers don’t pay out claims.

McCabe cautions that again, this is not the reality. In recent years, with the NotPetya attack and an evolving data and privacy regulatory environment, cyber insurance solutions have developed accordingly. 

“Insurance has gone through an evolution - there’s more and more covered and over past years as threats have grown, cyber insurance has actually responded by expanding coverage to adapt to the new types of consequences that companies might suffer.......There’s nothing more spurious and frustrating than to see articles published with questions like, does cyber insurance pay claims? Of course it does.”

In a recent survey conducted by Mirsosoft it was reported that there was higher than ever confidence in the ability of cyber insurance to pay off, and that’s because so many customers have had claims and the insurance has responded.

“I think there’s a comfort that the insurance will be there to pay off the claim and I think there’s an appreciation that the scope of coverage made available really is valuable.” said McCabe

Insurance Business:        Microsoft Blog

You Might Also Read:

Cyber Insurance Is Unsustainable On Its Current Path:

Cyber Insurance Will Reshape Cyber Security:

 

 

« Tech Giants Have Facilitated An Online Slavery Market
WEF Report Confirms Cyber Attack Risk Is Growing Worldwide »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

IT GRC Forum

IT GRC Forum

The IT GRC Forum is an online resource and networking platform for the Governance, Risk Management, and Compliance (GRC) community

AFCON Control & Automation

AFCON Control & Automation

AFCON is a leading global provider of software solutions and services for the smart management of Control & Automation systems in the age of Digital Transformation.

Beame.io

Beame.io

Beame.io is an information security company that distributes open source authentication infrastructure based on encryption.

BitSight Technologies

BitSight Technologies

BitSight transforms how companies manage information security risk with objective, verifiable and actionable Security Ratings.

DomainTools

DomainTools

DomainTools helps security analysts turn threat data into threat intelligence.

Cyjax

Cyjax

Cyjax monitors the Internet to identify the digital risks to your organisation, including cyber threats, reputational risks and the Darknet.

Hunters.AI

Hunters.AI

Hunters is the world's first autonomous hunting solution that leverages top-tier cyber expertise and AI to uncover hidden cyber threats.

SlowMist

SlowMist

SlowMist is a blockchain ecosystem security company providing cybersecurity audits and protection for leading digital asset exchanges, crypto wallets, public chains, and smart contracts.

PeckShield

PeckShield

PeckShield is a blockchain security company which aims to elevate the security, privacy, and usability of entire blockchain ecosystem by offering top-notch, industry-leading services and products.

Atlas Cloud

Atlas Cloud

Atlas Cloud is a UK-wide provider of managed services based in Newcastle. Our ‘research-led’ approach to IT services helps leaders make better decisions about IT for their businesses.

Tryaq

Tryaq

Tryaq are a group of cybersecurity experts and enthusiasts who share the mission to make the world feel safer online.

Tychon

Tychon

Tychon develops advanced enterprise endpoint management technology that enables commercial and government organizations to bridge the gap between security and IT operations.

PayPal Ventures

PayPal Ventures

PayPal Ventures invests in companies at the forefront of innovation in fintech, payments, commerce enablement, artificial intelligence, blockchain and cryptocurrency, regulatory and cyber technology.

Cyber Security Certification Australia (CSCAU)

Cyber Security Certification Australia (CSCAU)

CSCAU is the world’s first 'for mission' industry council set up to address small and medium-sized business (SMB) cyber resilience through annually updated certifiable standards.

Ark Infotech

Ark Infotech

Ark Infotech is a provider of cloud management services, selective support services, and technology solutions.

Cypherleak

Cypherleak

Cypherleak provide Automated Cyber Risk Monitoring & Ai powered cyber recommendations.