As the cyber insurance market continues to grow, it’s only natural to discuss its place in the battle against cyber-attacks, including ransomware, which has been a prevalent topic in recent months.
Over the last several years, the cyber insurance market has rapidly expanded, and more companies now purchase cyber coverage than ever before. Close to 50% of respondents to Marsh and Microsoft’s 2019 Global Cyber Risk Perception Survey said they have cyber insurance, up from 34% in 2017. Amid that growth, most discussions of cyber insurance have highlighted its value as a risk mitigation tool and its ability to respond to fast- evolving cyber threats, including ransomware.
But in the media and elsewhere, some misinformation has emerged in regard to ransomware. One recent critique argues that cyber insurance has served as an incentive for cyber extortion attacks. In this line of thinking, the insurance industry is benefiting from the rash of ransomware attacks targeting companies around the world.
Under even modest scrutiny, this argument does not hold up. The truth is that ransomware attacks against businesses occur for one reason only: Criminals are succeeding.
That success stems from several factors. First, far too many organizations remain vulnerable due to gaps in technology or poor awareness of their risk. At the same time, ransomware attacks are cheap and easy to execute — and the criminals behind them usually operate in jurisdictions beyond the reach of law enforcement, where they are free to revise and repeat attacks as often as they wish.
Far from being part of the problem, cyber insurance can be a valuable tool in the fight against ransomware and other cyber threats. Fulfilling its traditional role, cyber insurance pools insureds that are similarly at risk and spreads their potential losses…