Newsletter


9 October 2019Analysis

Cyber insurance does not incentivise cyber extortion: Marsh


Marsh has dismissed the accusation “that cyber insurance has served as an incentive for cyber extortion attacks” and that the insurance industry benefits from such attacks.

Marsh said such assertions have been made in the media and elsewhere, but insisted “cyber insurance can be a valuable tool in the fight against ransomware and other cyber threats.”

The insurance industry is certainly selling coverage related to cyber crime. Close to 50 percent of respondents to Marsh and Microsoft’s 2019 Global Cyber Risk Perception Survey said they have cyber insurance, up from 34 percent in 2017.

But it is also true that insurance companies pay out on these policies: US carriers paid cyber claims totaling an estimated $394 million in 2018, according to Marsh.

While nobody wants to support cyber criminals, Marsh noted, organisations routinely weigh the cost of what is usually a five figure ransom against the risk of operational disruptions that could last weeks or months, potentially costing far more.

“After the City of Baltimore refused to pay a ransom demand of around $76,000, it incurred prolonged outages and racked up nearly $20 million in losses,” said Marsh. “Small and midsize businesses may not be able to absorb the same pain from a lengthy disruption. And if your company does not have cyber insurance to absorb those losses, you have even more incentive to pay.”

Ultimately, the decision about whether to pay a ransom is always taken by the insured, Marsh added. “The unfortunate truth is that — for many organisations — paying a ransom demand is the cheaper and more effective option,” it said.

Even if cyber insurance absorbs the cost of a disruption, that cannot fully compensate for the impact of business interruption, or inconvenience for customers and reputational damage.

The insurance underwriting process also raises awareness of cyber threats, identifying how companies should be responding and educating insureds about how to protect themselves, Marsh said. It can also help in the aftermath of an attack, it added, “convening the right team of experts, including legal counsel and computer forensic analysts, to assess the incident and recommend a response in a timely fashion.”

.



Editor's picks

Acquisitions jigsaw
news
DARAG Insurance Guernsey buys up Cayman captive
19 April 2024

Editor's picks

news
DARAG Insurance Guernsey buys up Cayman captive
19 April 2024   The purchase from an unnamed multinational corporate is the latest captive transaction for DARAG.
news
VCIA to host captive management webinar
10 April 2024
news
Giles to join ClearPoint Health
9 April 2024
news
RMC emerges victorious against IRS in micro captive case
8 April 2024
news
CCRIF unveils four Ivan+20 scholarships
4 April 2024
news
Ryskex opens office in Lloyd’s building
4 April 2024

Related content

Committed to the captives sector
Captives and investments portfolios: separating myth from reality
Revolutionising risk transfer: the emergence of 144A cat bonds in captive
20 years on: evolving in tandem
A strong sense of purpose
Captive change and evolution
Celebrating 20 years of growth
Cayman Islands: 20 years of insurance