Is cyber insurance still viable in 2023 – the Cohesity perspective
While 2020 was heavily loss-making for the cyber insurance micro-market, AMRAE notes that the situation stabilized in 2021, now representing 219 million euros. In question, the premium rate which has doubled and the payment conditions have become more demanding.
This development reinforces the debate around the relevance of cyber insurance, in particular raising doubts about their effectiveness, their deployment and the actual extent of the coverage offered.
Indeed, Cohesity’s legal experts have found, after analyzing the major ransomware insurances on the market at the end of 2022, that the current guarantees are little more than liability limitations that benefit providers – and not to customers.
The CEO of Zurich Insurance also declared in an interview with the Financial Times that cyberattacks will soon become “uninsurable”, since insurance and prevention have commonly proven ineffective both in the face of cyberattacks and for the effective recovery of data.
Cyber risk in France
The proliferation of attacks poses a considerable risk for companies, such as the software publisher Dedalus, a subcontractor of French medical laboratories, which was fined 1.5 million euros by the CNIL last April following several security breaches that led to the theft of data from 500,000 French patients.
The number of attacks has only increased in recent years, so much so that the Paris prosecutor’s office, according to FranceInfo, recorded the opening of 600 investigations in 2022 (65 in 2019), half of which concern ransomware attacks.
The recent adoption of the planning law of the Ministry of the Interior (LOPMI), supported by Bercy and French insurers, also continues to fuel the debate. Even if it makes it legal to compensate cyber ransoms paid by companies, it is incumbent on them first to file a complaint with the competent authorities, a condition decried by many for the consequences it imposes on the reputation of the company. enterprise or organization concerned.
What alternatives to insurance?
For Jean-Baptiste Grandvallet, System Engineer at Cohesity, “organizations have every interest in concentrating their efforts on recovering data in the event of an attack. A surmountable challenge if real prevention measures are properly implemented. »
Companies can keep an isolated copy of data as part of a 3-2-1 strategy and adopt a zero-trust approach, so that data is encrypted both during transfers and on storage.
For Cohesity, the major challenge in 2023 will be to achieve cyber-resilience by improving collaboration between IT and OT teams through a global security strategy, to enable them to work together to detect and prevent attacks. cyber. All of these measures could not only have a direct positive impact on cyber insurance coverage but will also reduce the risk of incidents and possible damages following a failure or loss of data.
