technology
Cyber
Everything in cyber
Insurance environment: The discussion that cyber insurance raises
The adoption of cyber insurance among companies in Israel was quite slow, but the case of Sharbit accelerated the process.
What does this insurance include, when do companies prefer to pay (and when not) and why do Americans already think of enacting laws that restrict it?
Yotam Gutman, SentinelOne Marketing Manager, Analyst
Tags
Cyber
Yotam Gutman
Wednesday, 18 August, 2021, 11:10 Updated: 11:20
Share on Facebook
Share on WhatsApp
Share on general
Share on general
Share on Twitter
Share on Email
0 comments
In recent years, an insurance market against cyber incidents has been developing, with insurance companies offering companies another layer in cyber risk management.
Unlike other means of protection, cyber insurance is not meant to prevent attacks but to provide organizations with a basket of means (and budget) in case of intrusion into systems, and sometimes even compensation for attack damage.
In our country, the adoption of this type of insurance as an additional means of dealing with cyber incidents is quite slow (the cyber system warned about this in a report from June 2019, when it stated that only 13% of companies in the economy have cyber insurance, but incidents that have received much media exposure The processes.
Good to know (promoted)
Custom insoles: half an hour and you are on your way to a new life
To the full article
One of the most difficult cases in the country.
Correspondence with Shirbit attackers (Photo: official website, without)
Cyber insurance component includes professional organization does not need routine as intervention teams, legal and image consulting and negotiating teams to manage the incident in front of the hackers. This point is reflected in the insurance cover the most significant.
Attacks many ransom in recent years posed a painful dilemma companies - Whether to pay the ransom or suffer from "operational stagnation" until the organization's systems return to normal operation. Added to this is another dimension of extortion - hackers steal sensitive information and threaten to leak it if the ransom is not paid soon. To conduct such negotiations, they operate the insurance companies, which in turn make available to them technical teams that try to deal with the loophole and its damages as well as negotiation experts. The same expert contacts the attackers, verifies their intentions (for example, do they really have sensitive information that they intend to publish?) And tries to understand the damage that will be done if the ransom is not paid.
At this point the company is required to decide - whether to pay the ransom (or part of it, depending on the attackers' willingness to compromise and the skill of the subject and gives with them) or "give up" the stolen information and return the organization to normal operation independently (which can take a long time). The equation is simple - if the cost of ransom is lower than the cost of damages caused by downtime and the cost of ransom will be covered by the insurance - then the company will prefer to pay. This is despite a constant increase in the amounts of ransom demanded by the attackers (it seems that the insurance companies are improving their means of negotiation and manage to maintain a relatively low amount of ransom payment).
It seems that this is a solution that is also convenient for insurance companies. The ransom payment is often lower than the coverage of the direct damages of the attack included in the insurance policy. For example, the cities of Atlanta and Baltimore have suffered infidelity attacks. The attackers demanded a ransom of less than $ 100,000, which the victims refused to pay. The result is millions of dollars in damages (over $ 8 million in the case of Atlanta), which the victims and their insurers suffer.
However, paying as a miracle "solution" brings with it public criticism in the United States, where voices are already calling for a re-examination of this practice and even a restriction. According to critics, payment only "fuels" the heresy industry. Moreover, there are rumors that attackers obtain early information about which companies have purchased insurance and the scope of coverage, and attack those companies knowing that the insurance will pay (they even know how much ransom to demand). This trend (and growing criticism) has led U.S. lawmakers to examine the legality of ransom payments.
At the same time, a number of insurance companies themselves have suffered ransomware attacks (Shirbit in Israel, CNA and others in North America), and with about 40% of cyber insurance claims revolving around ransomware attacks, it is clear why insurance companies raised the premium for handling these events close to 30%.
Who will settle the issue?
Of course, the Americans (Photo: ShutterStock)
Yotam Gutman (Photo: Sentinel One)
Is there a clear solution to the infidelity problem and is paying the attackers by the insurance company the magic solution?
Apparently not.
Insurance helps injured companies handle the ransomware incident.
According to the available data, it seems that the insurance companies (and the negotiators they run) perform an analytical analysis of the situation, and work to bring the event to an end as quickly, efficiently and cheaply as possible. Sometimes this includes payment. The U.S. legislature should not limit corporate payments in the event of ransom (in other words, it is sometimes better to let society, insurance, and attackers close the incident as quickly as possible.) In any case, ambivalence about insurance and payments will remain. your fee to see it to fuel the cyber crime industry. and as usual, the world looks up to the United States to regulate the issue in legislation and regulation.
Yotam Gutman is the marketing manager for cyber SentinelOne
Share on Facebook
Share on WhatsApp
Share on general
Share on general
Share on Twitter
Share on Email
0 comments
