A new report from the Government Accountability Office or GAO shows that private insurance companies are no longer willing to cover the damages caused by cyberattacks.
This decision will leave a lot of American businesses vulnerable to financial loss unless the US government creates an insurance model that can benefit both the private insurance companies and the businesses.
Watchdog Warns of Insurance Companies Backing Out
According to The Verge, GAO has called for the local government to assess the need for a federal cyber insurance option due to the growing challenge of covering the damages done by cyberattacks.
GAO is calling on the National Security Agency or NSA, the Office of the Director of National Intelligence or ODNI, the Cybersecurity and Infrastructure Security Agency or CISA, and the Department of Justice to help identify the technologies that are prone to attacks and the type of threat actors that can exploit businesses.
GAO's report also shows that hacking groups that are connected to China, Iran, Russia, and North Korea are the ones that pose the greatest threat to American businesses.
Also Read: 71% of Ransomware Attacks Target Small Businesses: Are You Ready?
Several hacking groups and skilled threat actors are targeting US entities, which means that the number of cyberattacks have been increasing so much that the local authorities can no longer keep up.
The Effects of Ransomware
In 2016, the United States recorded 19,060 incidents of ransomware, business email compromise, data breaches, and denial of service attacks. The cases had cost the country $470 million.
In 2021, the FBI reported that there were 26,074 incidents, and the total cost of the cases was $2.6 billion.
The incident that was highlighted in GAO's report due to its spillover effect on the country's economy was the cyberattack on the Colonial Pipeline.
In that attack, the 5,500-mile-long transporting operation system was forced to go offline. The pipeline operator had to pay a ransom of $4.4 million to the hackers even though they were advised by authorities not to give in to the demands.
Cyberattacks on massive companies leave damages that costs millions of dollars, and this has private insurers backing out of the market by changing their insurance policies.
Even though the insurance companies will still cover ransomware attacks and data breaches, the insurers are taking steps to limit their "potential losses from systemic cyber events." This means that they will no longer cover losses incurred by deliberate infrastructure targeting or any form of cyber warfare.
According to Gadget Officials, the US Department of Treasury noted that some private insurers have been mitigating their exposure by deliberately lowering the maximum amount that a policy will pay out in case a business becomes victim of a cyberattack.
Some insurers even increased their premiums just so they can protect themselves from potential loss, while some are pulling back from coverage in infrastructure sectors entirely.
GAO is now suggesting that both the CISA and the Federal Insurance Office undertake an assessment to see if there is anything that they can do to prevent private insurers from backing out and leaving American businesses to deal with the damages done by hackers.
This article is owned by Tech Times
Written by Sophie Webster