Cyber Insurance Might Actually Encourage Attacks

Uploaded on 2019-11-11 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Technology is dramatically transforming the global business environment, with continual advances in areas ranging from artificial intelligence and the Internet of Things (IoT) to data availability and blockchain. 

Cyber risk has moved beyond data breaches and privacy concerns to sophisticated schemes that can disrupt entire businesses, industries, supply chains, and nations, costing the economy billions of dollars and affecting companies in every sector. 

The hard truth organisations must face is that cyber risk can be mitigated, managed, and recovered from, but it cannot be eliminated. 

The speed at which digital technologies evolve and disrupt traditional business models keeps increasing. At the same time, cyber risks seem to evolve even faster. More companies today are reaping the benefits of cyber insurance, with almost half of the respondents in Marsh and Microsoft’s 2019 Global Cyber Risk Perception Survey reporting that they have cyber insurance, compared to 34% in 2017. 

Nonetheless, some eperts are claiming  that cyber insurance can work against companies since cyber extortionists use it as an incentive to target firms.

In the report, “Cyber Insurance is Supporting the Fight Against Ransomware,” Marsh Insurance SVP and assistant general counsel for cyber policy, Matthew McCabe, outlines why this line of thinking around cyber insurance is incorrect. In fact, the coverage can be a useful tool for a company even before a hack or breach occurs.

“Number one, there’s utility in just going through the application for cyber insurance, in that it acts like a yearly assessment. You have a third party who’s kicking the tires on how you’re protecting your networks and how you’re responding to incidents, and that’s a source of maturation for companies,” said McCabe 

Sometimes the extortionist, do not return the decryption keys and make good on their promise to restore a firm’s network, resulting in a business’s operations coming to a halt. Therefore, one of the resiliency offered by cyber insurance is the financial risk transfer element that prevents expenses from piling up and draining a company’s pockets.

“If you lack that backstop of insurance, the company is simply out of pocket,” explained McCabe. “And even if the extortionist is good to their word and they will restore the network, it’s not as if you don’t incur any expenses. It might be less costly, but there are still costs involved with going through the incident.”

Another misconception around cyber insurance is that insurers don’t pay out claims.

McCabe cautions that again, this is not the reality. In recent years, with the NotPetya attack and an evolving data and privacy regulatory environment, cyber insurance solutions have developed accordingly. 

“Insurance has gone through an evolution - there’s more and more covered and over past years as threats have grown, cyber insurance has actually responded by expanding coverage to adapt to the new types of consequences that companies might suffer.......There’s nothing more spurious and frustrating than to see articles published with questions like, does cyber insurance pay claims? Of course it does.”

In a recent survey conducted by Mirsosoft it was reported that there was higher than ever confidence in the ability of cyber insurance to pay off, and that’s because so many customers have had claims and the insurance has responded.

“I think there’s a comfort that the insurance will be there to pay off the claim and I think there’s an appreciation that the scope of coverage made available really is valuable.” said McCabe

Insurance Business:        Microsoft Blog

You Might Also Read:

Cyber Insurance Is Unsustainable On Its Current Path:

Cyber Insurance Will Reshape Cyber Security:

 

 

« Tech Giants Have Facilitated An Online Slavery Market
WEF Report Confirms Cyber Attack Risk Is Growing Worldwide »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perforce Software

Perforce Software

Perforce helps companies build complex software products more collaboratively, securely, and efficiently.

Intercede

Intercede

Intercede is a cybersecurity company specializing in digital identities, derived credentials and access control, enabling digital trust in a mobile world.

Anomali

Anomali

Anomali delivers intelligence-driven cybersecurity solutions to enhance threat visibility, automate threat processing and detection, and accelerate threat investigation, response, and remediation.

Cato Networks

Cato Networks

Cato connects your branch locations, physical and cloud datacenters, and mobile users into a secure and optimized global network in the cloud.

Cyber Security Capital (CS^)

Cyber Security Capital (CS^)

Cyber Security Capital is a consultancy helping to mobilise and empower individuals, corporate leaders and entrepreneurs in cyber security.

Raz-Lee Security

Raz-Lee Security

Raz-Lee Security is the leading security solution provider for IBM Power i, otherwise known as iSeries or AS/400 servers.

Sliced Tech

Sliced Tech

Sliced Tech provides enterprise grade managed Cloud services, including Security-as-a-Services, aimed at meeting the needs of commercial and government clients from within Australia.

Penacity

Penacity

Penacity, LLC provides strategic consulting technology services and Information Security Services to commercial and government organizations.

Hallam-ICS

Hallam-ICS

Hallam-ICS designs MEP systems for facilities and plants, control and automation solutions, and ensures safety and regulatory compliance.

FutureCon Events

FutureCon Events

FutureCon produces cutting edge events aimed for Senior Level Professionals working in the security community, bringing together the best minds in the industry for a unique cybersecurity event.

Bellvista Capital

Bellvista Capital

Bellvista Capital connects entrepreneurs with capital and unmatched business expertise in the technology areas of Cloud Computing, Cyber Security and Data Analytics.

Patriot Cyber Defense

Patriot Cyber Defense

Patriot Cyber Defense is a Cyber Security and Management Consulting professional services firm.

Prodera Group

Prodera Group

Prodera Group is a specialist technology consulting partner trusted to help navigate the complex and dynamic lifecycle of change and transformation.

Gray Analytics

Gray Analytics

Gray Analytics is a Cybersecurity Risk Management company providing best-practice services across a broad spectrum of cyber scenarios for both government and commercial customers.

D2 Network Associates (D2NA)

D2 Network Associates (D2NA)

D2NA help businesses deliver and achieve their goals, through innovative IT solutions, robust cyber security services and proactive IT managed services.

Tonex

Tonex

Tonex providing industry-leading technology training, courses, seminars, workshops, and consulting services to companies and government organizations around the world.

PyNet Labs

PyNet Labs

PyNet Labs is a Training Company serving corporates as well as individuals across the world with ever-changing IT and technology training.