With cyber-attacks increasing in frequency and severity, many companies are turning to insurance to cover their mounting losses. But can insurers quantify the risk accurately and could insurance lead to corporate complacency?
Many firms feel like they’re under siege. Cyber-attacks are coming thick and fast and the tools at the hackers’ disposal seem to be getting more, not less, powerful.
Estimated annual losses from cyber crime now top $400bn (£291bn), according to the Center for Strategic and International Studies. And the cost in lost productivity of last year’s WannaCry ransomware attack alone was estimated at $4bn.
So many businesses are buying cyber insurance “in a mad panic”, warns Charl van der Walt of SecureData, a cyber-security company.
“Unfortunately this will mean that businesses of all sizes will seek out the minimum cyber-security investment laid out by insurers, government, and regulators, rather than going above and beyond to protect their own, and their customers’, data.”
Ransomware attacks, whereby criminals break into your network, encrypt all your data, then demand money in return for the decryption key, are particularly virulent. Firms have even been stocking up on Bitcoins – the hackers’ cryptocurrency payment of choice – to pay the ransoms.