You Decide: Is Cyber Insurance Helpful or Hindering?
Recent Cyberattacks have caused debate around the topic of Cyber Insurance. The debate has two clear fronts, one with those who believe Cyber Insurance attracts cybercriminals and the others who believe it does its part in warding them off. Now it’s time for you to decide, is Cyber Insurance helpful or hindering?
Let’s analyze the recent cyberattack on the Colonial Pipeline Co. in Alpharetta, Georgia. One of the nation’s largest pipelines, which carries refined gasoline and jet fuel from Texas up the East Coast to New York, was forced to shut down in May of this year after being hit by ransomware in a vivid demonstration of the vulnerability of energy infrastructure to cyberattacks.
The repercussion caused gas shortages across the United States and has brought up a debate about the effectiveness of Cyber Insurance.
An Insurance Debate to Analyze
The debate around this situation has two clear fronts. On one side are believers who assume that Cyber Insurance coverage attracts cybercriminals due to the insured’s ability to pay a ransom from an attack. Others believe this insurance does its part in warding off criminals and protecting organizations.
In the case of the Colonial Pipeline attack, the company recently paid the $5 million ransom to the assumed Eastern European hackers. So, the debate starts by questioning if the criminals were successful in their plan.
This attack is one of many. In 2021 there was an increase in cyberattacks empowered by the digital change in the way organizations are operating. Overnight, our world shifted from an in-person business model to one completely conducted online. This opened organizations up to new vulnerabilities that nobody was prepared for and criminals soon found ways to profit off this.
This is where the other side of the argument on cyber liability insurance comes in. When businesses were forced to move online and to home offices, some were able to use their policy to increase security measures which helped prevent cyberattacks. In these cases, we can see the benefits of this coverage.
When it comes to an attack, the FBI advises against paying ransom arguing that “Paying a ransom doesn’t guarantee you or your organization will get any data back.” This adds another layer to the question of how effective cyber insurance is. If the whole point of having a cyber insurance policy is to protect your business when a cyberattack occurs, is the policy effective if you are advised not to use the benefits that come with the policy, like paying a ransom?
In a recent study by Hiscox, it was found that “28% of the businesses that suffered attacks were targeted on more than five occasions in 2020.” The reason so many organizations were targeted multiple times has a lot to do with an inability to quickly adapt to an online model where information is less secure. The 2021 Hiscox survey found that “the average business surveyed now devotes more than a fifth (21%) of its IT budget to cybersecurity, a jump of 63%.” On top of that, half of the respondents reported they felt their organization is now more vulnerable to cyberattacks.
Recently, the White House’s top Cybersecurity Official, Anne Neuberger, made a statement where she did not confirm or deny whether businesses should pay cybercriminal ransoms. Currently, the fact lays that a lot of organizations end up paying ransoms, which are covered by their cyber liability insurance policies, with the hope that their data will be restored.
Our Conclusion. What´s Yours?
The reality is that although more organizations are focusing time and resources to protect their data, nobody has an answer as to how cybercriminals should be handled. As for Cyber Insurance, it is never a bad idea to ensure you have coverage in place to help protect your organization from any situations that may arise.
Follow our news analysis section and discover how to stay protected using technology to your advantage with SmartCompliance.
