As the cyber insurance market continues to grow, it’s only natural to discuss its role in the battle against ransomware, which has been a prevalent topic in recent months, and other cyber-attacks.
Most discussions highlight its value as a risk mitigation tool and its ability to respond to fast-evolving cyber threats, including ransomware.
But some opposing viewpoints have emerged in the media in regard to ransomware, including a recent critique arguing that cyber insurance has served as an incentive for cyber extortion attacks.
This argument does not hold up. The truth is that ransomware attacks against businesses occur for one reason only: criminals are succeeding.
Far from being part of the problem, cyber insurance can be a valuable tool in the fight against ransomware and other cyber threats. Fulfilling its traditional role, cyber insurance pools insureds that are similarly at risk and spreads their potential losses.
And those who have criticised it have gotten some important facts wrong:
Beyond its specific purpose in thwarting ransomware attacks, cyber insurance is valuable for other reasons. The insurance underwriting process raises awareness of cyber threats, identifies how companies should be responding, and educates insureds.
After an attack, cyber insurance serves as a mechanism for convening the right team of experts, including legal counsel and computer forensic analysts, to assess the incident and recommend a response in a timely fashion.
So what do the critics get right? Cyber insurance pays claims. For more than a decade, cyber insurance policies have reliably paid claims for ransomware, network interruptions, data breaches, and related liability. Leading insurers handle thousands of claims a year, and US carriers paid cyber claims totaling an estimated $394 million in 2018.
Cyber insurance is a valuable component in a larger risk management strategy, which includes technology as well as training, education, and testing. To combat ransomware, companies still need to teach employees how to recognise threats, patch regularly, limit user privileges, and establish sufficient cyber hygiene to avoid being an easy target.
Companies are fighting hackers on an unbalanced playing field, where defense is much harder than offense, and cyber insurance has proven to be a valuable partner in that fight.
LCPA No. 19/159