In the digital realm, even the gatekeepers aren’t safe. Cybersecurity insurance has become a beacon of hope for businesses seeking financial protection against cyber threats. However, a new trend has emerged: threat actors targeting insurance companies to gauge the protection level of their clients. This adds a layer of complexity to the debate on the efficacy of cybersecurity insurance. Let’s explore the pros and cons, keeping this new threat vector in mind.
Pros of Cybersecurity Insurance
Financial Protection: Cyberattacks can result in significant financial losses. The WannaCry ransomware attack in 2017, for instance, led to global losses of around $4 billion [1]. Insurance can help businesses cover costs related to data recovery, legal consultations, and even ransom payments.
Risk Management: Insurers often mandate certain cybersecurity standards for their policyholders. This can inadvertently lead to businesses bolstering their cybersecurity defenses.
Business Continuity: After a cyber incident, businesses might face operational halts. Insurance can provide coverage for such business interruptions, helping companies recover swiftly.
Reputation Management: Some insurance packages include PR and crisis management services. In the aftermath of a breach, these services can be instrumental in salvaging a company’s reputation.
Cons of Cybersecurity Insurance
Insurance Companies as Targets: Threat actors have begun targeting insurance companies to discern the cybersecurity measures of their clients. In 2020, Blackbaud, a cloud software company serving many insurance firms, was hit by a ransomware attack, exposing client data [2]. This trend underscores the vulnerability of insurance companies themselves.
Not a Substitute for Security: Despite having insurance, breaches can still occur, as evidenced by the 2019 Capital One incident, which compromised the data of over 100 million customers [3].
Complex Policies: The intricacies of cybersecurity insurance policies can be daunting. Not all cyber incidents might be covered, so businesses need to fully comprehend their policies.
High Premiums: The evolving nature of cyber threats has led to a surge in insurance premiums. This can be a financial strain, especially for smaller businesses.
Moral Hazard: With the financial cushion of insurance, companies might indulge in riskier online behaviours, potentially leading to more breaches.
While cybersecurity insurance offers a semblance of protection against the financial ramifications of cyber threats, the targeting of insurance companies by threat actors adds a new dimension to the debate. It’s imperative for businesses to view insurance as a component of a holistic cybersecurity approach, rather than a complete solution.
Note: This opinion piece is a synthesis of available data as of 2021 and is meant for informational purposes.