Ensure That You’re Insured?

In the digital realm, even the gatekeepers aren’t safe. Cybersecurity insurance has become a beacon of hope for businesses seeking financial protection against cyber threats. However, a new trend has emerged: threat actors targeting insurance companies to gauge the protection level of their clients. This adds a layer of complexity to the debate on the efficacy of cybersecurity insurance. Let’s explore the pros and cons, keeping this new threat vector in mind.

Pros of Cybersecurity Insurance

  • Financial Protection: Cyberattacks can result in significant financial losses. The WannaCry ransomware attack in 2017, for instance, led to global losses of around $4 billion. Insurance can help businesses cover costs related to data recovery, legal consultations, and even ransom payments.
  • Risk Management: Insurers often mandate certain cybersecurity standards for their policyholders. This can inadvertently lead to businesses bolstering their cybersecurity defenses.
  • Business Continuity: After a cyber incident, businesses might face operational halts. Insurance can provide coverage for such business interruptions, aiding companies in swift recovery.
  • Reputation Management: Some insurance packages include PR and crisis management services. In the aftermath of a breach, these services can be instrumental in salvaging a company’s reputation.

Cons of Cybersecurity Insurance

  • Insurance Companies as Targets: Threat actors have begun targeting insurance companies to discern the cybersecurity measures of their clients. In 2020, Blackbaud, a cloud software company serving many insurance firms, was hit by a ransomware attack, exposing client data. This trend underscores the vulnerability of insurance companies themselves.
  • Not a Substitute for Security: Despite having insurance, breaches can still occur, as evidenced by the 2019 Capital One incident, which compromised data of over 100 million customers.
  • Complex Policies: The intricacies of cybersecurity insurance policies can be daunting. Not all cyber incidents might be covered, so businesses need to fully understand their policies.
  • High Premiums: The evolving nature of cyber threats has led to a surge in insurance premiums. This can be a financial strain, especially for smaller businesses.
  • Moral Hazard: With the financial cushion of insurance, companies might indulge in riskier online behaviours, potentially leading to more breaches.


While cybersecurity insurance offers a semblance of protection against the financial ramifications of cyber threats, the targeting of insurance companies by threat actors adds a new dimension to the debate. It’s imperative for businesses to view insurance as a component of a holistic cybersecurity approach, rather than a complete solution.


CBS News – WannaCry ransomware attack losses could reach $4 billion
BBC News – Blackbaud: Data-stealing ransomware attack hits US firm
The Wall Street Journal – Capital One’s Data Breach Could Cost the Company up to $500 Million

Stu Walsh

I have recently left my position as the Chief Information Security Officer (CISO) for Blue Stream Academy Ltd. who are a leading provider of online training and HR solutions to healthcare organisations in the UK. I oversaw the organisation’s information security strategies, ensuring the protection of sensitive data, and complying with healthcare industry-specific regulations and standards. During my time as CISO, I established and maintained the Information Security Management System (ISMS) required for our ongoing General Data Protection Regulation (GDPR) compliance, ISO27001 and PCI-DSS certifications.
