As I keep saying, there is no doubt that the Cyber world is
an ever changing and dynamic one. It
could even be changing literally on a minute-by-minute basis. It is because of this, and the overload of information
that comes with it, that it is difficult for both individuals and businesses alike
to keep up with the latest, and to protect themselves the best way that they
can.
But some good news here is that businesses can be protected
to varying degrees financially, with the help of Cyber Security Insurance. Simply put, this means that if your business has
been hit with a security breach, then technically you can file a claim, and get
some sort of payout from it, in order to help you bounce back.
But remember, getting Cyber Insurance is not as simple as
that. It is nowhere near like purchasing
car insurance. For example, when you
first file an application with a carrier, you must first prove to them
that you have taken all of the steps to be proactive about protecting
your business.
This is very often demonstrated by completing a
questionnaire, and having a third party verify that everything in it is
true.
This of course can take quite a bit of time, especially if
you don’t have the controls in place, which is very often true of the SMB
owner. Once you get approved, then of
course you have to pay your monthly or annual premiums. This can be an expensive chore, depending
upon how big your business is, and the kind of industry that you are in.
Finally, keep in mind that if you do file a claim, there is
no guarantee that you will get a payout of any kind. The reason for this is that insurance carriers
have really cracked down, especially when it comes to Ransomware payments.
Not only this, even if you have never filed a claim, an
insurance company can still always audit you to make sure that you are
compliant with your agreement.
This convoluted circle has been getting worse lately, and because
of it, many business owners of today (and even individuals) are finding it
harder to get a good, comprehensive policy.
Some good news here is that the Biden Administration has taken a stance
to make this easier to attain, with their recent National Cybersecurity
Strategy.
More information about this can be seen at the link below:
But they have actually gone one step further than
this. For example, do you remember the
horrific days of 9/11, and the WTC buildings collapsing? Well, that same fear still exists, but not on
the physical level like that. Now, the fear
is that of a huge and massive Cyberattack against the United States, brought on
by nation state actors.
One such scenario could be where the Critical Infrastructures
are totally wiped out in all of the major US cities, such as Chicago, Los
Angeles, NYC, etc.
The main problem here is that these are old, legacy based
systems. Not only would it take a very
long time to bring these systems back online, but it would also be a very
expensive proposition as well. This is
where the Biden Administration would also step in. In their plan, they have called for what is
known as a “Cyber Insurance Backstop”.
Although I am not familiar with all of the details of it, the
basic thrust here is that should the US fall victim to a nationwide Cyber-attack,
the Federal Government would step in, and provide whatever financial assistance
is needed in order for the nation to recover as quickly as possible.
In a way, this is also analogous to the situation back in
the 08-09 recession where they also stepped in to bail out the big banks and
other financial institutions. An article
from the Wall Street Journal about this can be seen at the link below:
https://www.wsj.com/articles/u-s-government-to-explore-cyber-insurance-backstop-ddc94c11
Although there are critics who fear government intervention
(not trying to get political here), who would not want this kind of assistance? As a private US citizen, I know that I would
want to have it!!!
As stated earlier, although the details of it are still in
the works, there are some huge benefits to having a national plan like this, some
of which are as follows:
*There will be less burden on the insurance carriers. In the event of a national Cyber-attack, it
will be this group that will be called to act first. But given the fact that they have limited
resources as well, they will need that extra surge of money from the Federal Government
so that they don’t go broke. In
other words, there would be a transference of risk, which would be hugely beneficial
to all.
*In the event of a wide scale Cyber disaster, the Federal Government
can put more money into the market, so that there will not be a demise of our
financial infrastructure. I am thinking that
this would happen in a manner similar to that when COVID-19 hit, and the Trump
Administration back then literally signed into law the allocation of
trillions of dollars. Of course, there
will be side effects from all of this down the road, as we are seeing now with
inflation.
*A centralization of Cyber efforts and initiatives. After 9/11, the Bush Administration created
the Department of Homeland Security (DHS).
This was done in an effort to centralize all of the information and
intelligence coming in about terrorist activities. The same needs to be done for Cyber, in that
a Department of Cybersecurity needs to be created. With this kind of centralization, there is a greater
chance that insurance policies will contain clearer language, and be made available for everybody (kind of
like Obamacare). It is hoped that this
effort will cut down on the sheer number of frivolous lawsuits that are occurring
today.
My Thoughts On This:
Although I am by no means a Cyber Insurance expert, I have
written whitepapers and articles about it, so I do know something about
it. Heck, I even have had people ask me
questions about it. Yes, the Cyber
landscape is a complex one, but recovery from an attack does not have to
be.
In this country, insurance companies are often both loved
and hated, in the sense that most of your claims will get paid, but not all of
them.
With this backstop strategy, there will be some guarantees now
that full payments and restitution can be made.
After all, if the Federal Government can provide this kind of assistance
to victims hit by natural disasters (such as hurricanes, floods, fire, etc.)
why can’t this be applied to the Cyber
world as well?
It can be, and it will.
The only question now is when.