Cyber Insurance Might Actually Encourage Attacks
Technology is dramatically transforming the global business environment, with continual advances in areas ranging from artificial intelligence and the Internet of Things (IoT) to data availability and blockchain.
Cyber risk has moved beyond data breaches and privacy concerns to sophisticated schemes that can disrupt entire businesses, industries, supply chains, and nations, costing the economy billions of dollars and affecting companies in every sector.
The hard truth organisations must face is that cyber risk can be mitigated, managed, and recovered from, but it cannot be eliminated.
The speed at which digital technologies evolve and disrupt traditional business models keeps increasing. At the same time, cyber risks seem to evolve even faster. More companies today are reaping the benefits of cyber insurance, with almost half of the respondents in Marsh and Microsoft’s 2019 Global Cyber Risk Perception Survey reporting that they have cyber insurance, compared to 34% in 2017.
Nonetheless, some eperts are claiming that cyber insurance can work against companies since cyber extortionists use it as an incentive to target firms.
In the report, “Cyber Insurance is Supporting the Fight Against Ransomware,” Marsh Insurance SVP and assistant general counsel for cyber policy, Matthew McCabe, outlines why this line of thinking around cyber insurance is incorrect. In fact, the coverage can be a useful tool for a company even before a hack or breach occurs.
“Number one, there’s utility in just going through the application for cyber insurance, in that it acts like a yearly assessment. You have a third party who’s kicking the tires on how you’re protecting your networks and how you’re responding to incidents, and that’s a source of maturation for companies,” said McCabe
Sometimes the extortionist, do not return the decryption keys and make good on their promise to restore a firm’s network, resulting in a business’s operations coming to a halt. Therefore, one of the resiliency offered by cyber insurance is the financial risk transfer element that prevents expenses from piling up and draining a company’s pockets.
“If you lack that backstop of insurance, the company is simply out of pocket,” explained McCabe. “And even if the extortionist is good to their word and they will restore the network, it’s not as if you don’t incur any expenses. It might be less costly, but there are still costs involved with going through the incident.”
Another misconception around cyber insurance is that insurers don’t pay out claims.
McCabe cautions that again, this is not the reality. In recent years, with the NotPetya attack and an evolving data and privacy regulatory environment, cyber insurance solutions have developed accordingly.
“Insurance has gone through an evolution - there’s more and more covered and over past years as threats have grown, cyber insurance has actually responded by expanding coverage to adapt to the new types of consequences that companies might suffer.......There’s nothing more spurious and frustrating than to see articles published with questions like, does cyber insurance pay claims? Of course it does.”
In a recent survey conducted by Mirsosoft it was reported that there was higher than ever confidence in the ability of cyber insurance to pay off, and that’s because so many customers have had claims and the insurance has responded.
“I think there’s a comfort that the insurance will be there to pay off the claim and I think there’s an appreciation that the scope of coverage made available really is valuable.” said McCabe
Insurance Business: Microsoft Blog:
You Might Also Read:
Cyber Insurance Is Unsustainable On Its Current Path:
Cyber Insurance Will Reshape Cyber Security: