Although many businesses are starting to invest more heavily in cyber insurance, with the U.S. market doubling to $2 billion in 2014 alone, a new report from Bloomberg View
indicates that these policies may not be providing the coverage that will be needed for companies to succeed in the long run.
In particular, it argues that most policies only tackle the consequences of a cyber attack without looking at its causes or addressing underlying security issues present within many North American enterprises.
As a result, thought leaders contend that these policies are not actually indicative of “insurance” but rather “assurance,” since the former relates to events that are open to possibility, whereas digital attacks are a near inevitability in the modern age.
In fact, a representative of a prominent NYC-based cybersecurity firm recently relayed the urgency of this matter for members of the legal arena.
“If you’re a major law firm, it’s safe to say that you’ve either already been a victim, currently are a victim, or will be a victim,” Chad Pinson, managing director at Stroz Friedberg, told Bloomberg
. “The question is, what are you doing to mitigate it?”
In 2013, 19% of PwC’s surveyed U.S. organizations had experienced a cyber incident resulting in $50,000 to $1 million worth of damage, although actual figures may be higher since large companies are often reluctant to reveal the extent of data breaches to outside parties.
Instead of accepting these assaults as a certainty, preventative measures can be taken to enhance defensive safeguards. These include:
- Increased government regulation for disclosure, so vulnerabilities can be analyzed and other organizations can be made aware of their limitations
- Conducting thorough post-attack audits to fully understand what took place
- Brokers helping to educate clients on their specific risk profiles, and guiding the implementation of defensive procedures
In the meantime, systemic changes need to be made to ensure all actors are operating in ways most beneficial for North American commerce.
“Stephen Catlin, founder of the biggest insurance syndicate at Lloyds of London, told the Financial Times
in February that only the government has deep enough pockets to underwrite the dangers of cyber attacks,” Mark Gilbert writes. “That may be true, but addressing the roots rather than the outcomes is a more pressing need. If insurance against financial losses is the only answer, then companies seeking to reduce their cybersecurity risks are asking the wrong question.”