Cyber insurance has great potential to improve cybersecurity practices and protect organizations against the impact of security incidents, but its potential benefits “have yet to fully materialize.” This is the key highlight of a recent report developed by the Royal United Services Institute for Defence and Security Studies (RUSI) and the University of Kent in the UK. The report provides a comprehensive list of recommendations for both governments and organizations.

Why cyber insurance?

The World Economic Forum has identified cyber-crime, along with climate change and pandemics, as “one of the most challenging risks facing societies in the next five years.” Advances in criminal ‘business models’ and the increasing sophistication of threat actors have turned cyber-crime into a complex, rapidly growing and severe threat to both government and business. According to the report, in 2020, losses from cyber-crime were estimated at over $945 billion worldwide, while the “average payment for a ransomware attack was reported to have risen from $84,116 in Q4 2019 to $220,298 in Q1 2021.”

Both critical national infrastructure (CNI) and economic security are threatened by ransomware and by cyber-crime more generally. Cyber risk management has become an essential topic for governments and businesses.

This rise in criminality is taking place at a time of rapid change in the business environment, as organizations seek to digitalize, increase connectivity, and accommodate the emergence of remote working. The growing reliance of businesses and governments on cyber-enabled services and data highlights the need for protection against these threats. With both national infrastructure and economic security at risk, “one tool that has gained traction is cyber insurance.”

As with other types of insurance, cyber insurance is to play a role in reducing economic, environmental, technological, and political risks. Although the primary purpose of insurance is to transfer risk, a