Ensure That You’re Insured?

Estimated read time 3 min read

In the digital realm, even the gatekeepers aren’t safe. Cybersecurity insurance has become a beacon of hope for businesses seeking financial protection against cyber threats. However, a new trend has emerged: threat actors targeting insurance companies to gauge the protection level of their clients. This adds a layer of complexity to the debate on the efficacy of cybersecurity insurance. Let’s explore the pros and cons, keeping this new threat vector in mind.

Pros of Cybersecurity Insurance

Financial Protection: Cyberattacks can result in significant financial losses. The WannaCry ransomware attack in 2017, for instance, led to global losses of around $4 billion1. Insurance can help businesses cover costs related to data recovery, legal consultations, and even ransom payments.

Risk Management: Insurers often mandate certain cybersecurity standards for their policyholders. This can inadvertently lead to businesses bolstering their cybersecurity defenses.

Business Continuity: Post a cyber incident, businesses might face operational halts. Insurance can provide coverage for such business interruptions, aiding companies in swift recovery.

Reputation Management: Some insurance packages include PR and crisis management services. In the aftermath of a breach, these services can be instrumental in salvaging a company’s reputation.

Cons of Cybersecurity Insurance

Insurance Companies as Targets: Threat actors have begun targeting insurance companies to discern the cybersecurity measures of their clients. In 2020, Blackbaud, a cloud software company serving many insurance firms, was hit by a ransomware attack, exposing client data2. This trend underscores the vulnerability of insurance companies themselves.

Not a Substitute for Security: Despite having insurance, breaches can still occur, as evidenced by the 2019 Capital One incident, which compromised data of over 100 million customers3.

Complex Policies: The intricacies of cybersecurity insurance policies can be daunting. Not all cyber incidents might be covered, necessitating businesses to fully comprehend their policies.

High Premiums: The evolving nature of cyber threats has led to a surge in insurance premiums. This can be a financial strain, especially for smaller businesses.

Moral Hazard: With the financial cushion of insurance, companies might indulge in riskier online behaviours, potentially leading to more breaches.


While cybersecurity insurance offers a semblance of protection against the financial ramifications of cyber threats, the targeting of insurance companies by threat actors adds a new dimension to the debate. It’s imperative for businesses to view insurance as a component of a holistic cybersecurity approach, rather than a complete solution.

Note: This opinion piece is a synthesis of available data as of 2021 and is meant for informational purposes.


CBS News – WannaCry ransomware attack losses could reach $4 billion

BBC News – Blackbaud: Data-stealing ransomware attack hits US firm

The Wall Street Journal – Capital One’s Data Breach Could Cost the Company up to $500 Million

Cyber Insurance
Stu Walsh http://www.stuwalsh.com

I am 46 years old and live in Milford, Derbyshire (United Kingdom) with my wife Claire and our two sons, Jackson (13) and Robson (11).

My hobbies and interests include football, poker, UFC/MMA, website design, computers, TV and films.

I work as the Chief Information Security Officer (CISO) for Blue Stream Academy Ltd. providing online training and HR solutions to healthcare organisations in the UK.

You May Also Like

More From Author

+ There are no comments

Add yours