Darkreading.com reported that “As cybercrime continues to rise, cyber insurance has businesses reconsidering their coverage. Organizations faced with a decision to take out coverage need to find space in the budget for monthly costs and potentially large premiums.” The May 30, 2019 report entitled “Caveat Emptor: Calculating the Impact of Global Attacks on Cyber Insurance” posed these questions:
But can cyber insurance do enough to limit the fallout for the victims of ransomware attacks?
If not, how can proactive businesses ensure they are financially protected after a breach?
Also these comments about cyberinsurance were included in the report:
The ripple effect of this could go beyond the claims sector, and, in the long run, have a connected impact on security research, and potentially free press and journalism.
Traditionally, researchers have had the freedom to comment and even speculate on the attribution of cyberattacks through information on the attackers' behavior and the attack signatures they use.
If insurance companies and claims handlers begin using public research as a reason to deny coverage to victims, research teams could be put in an ethical bind when faced with the realization that the results of their investigative work could exacerbate victims' woes.
They may be reluctant to share their findings, due to fear of being pulled into legal proceedings by giving insurers a possible reason to withhold coverage.
The net effect might end up reducing the amount of public research and the transparency of the industry overall.
What do you think?