Cyber Attacks Cause Catastrophic Business Loss

A report from the US Government Accountability Office (GAO) has warned that private insurance companies are increasingly backing out of covering damages from major cyber attacks, leaving American businesses facing “catastrophic financial loss” unless another insurance model can be found. 

“Cyber insurance can help offset costs of some common cyber risks, like data breaches or ransomware. Cyber risks are growing, and cyber attacks targeting critical infrastructure, like utilities or financial services, could affect entire systems and result in catastrophic financial loss,” says the GAO Report.

The growing challenge of covering cyber risk is examined in the GAO report, which calls for a government assessment of whether a federal cyber insurance option is needed. The GAO report draws on threat assessments from the National Security Agency (NSA), Office of the Director of National Intelligence (ODNI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Justice to quantify the risk of cyber attacks on critical infrastructure, identifying vulnerable technologies that might be attacked and a range of threat actors capable of exploiting them.

Referring to the current ODNI Annual Threat Assessment Report, the GAO report finds that hacking groups linked to Russia, China, Iran, and North Korea pose the greatest threat to US infrastructure, along with certain non-state actors like organised cybercriminal gangs. “Although federal agencies do not have a comprehensive inventory of cybersecurity incidents,” the report reads, “several key federal and industry sources show an increase in most types of cyberattacks across the United States, including those affecting critical infrastructure, and significant and increasing costs for cyber attacks.”

In 2016, US businesses and public bodies were hit with a total of 19,060 incidents in the four major categories (ransomware, data breaches, business email compromise, and denial of service attacks), with a total cost of $470 million, per a GAO analysis of FBI reports. In 2021, there were 26,074 incidents, and the total cost was close to $2.6 billion.

According to the US Department of the Treasury, some insurers have also been mitigating their exposure by lowering the maximum amount that a policy will pay out in the case of a cyber attack, as well as increasing premiums to protect themselves from losses.

The GAO also found further evidence that some insurance companies are pulling back from coverage in infrastructure sectors entirely, judging the risk of attack as too high. Overall, the GAO report suggests that CISA and the Federal Insurance Office assess whether the above factors necessitate a federal insurance response along the lines of FDIC insurance for bank deposits and the National Flood Insurance Program.

Sources: US GAO; US DNI; The Verge; ZDNet; CPS-VO; InsideERA
