
A new document issued by the Government Accountability Office (GAO) has come to light, showing that private insurance companies are refusing to cover damages that result from a cyberattack.

By the looks of it, this decision will be a major inconvenience for a number of American businesses that are vulnerable to financial loss. There seems to be no solution for this issue unless the US government comes up with an insurance model that can keep both businesses and private insurance companies satisfied.

GAO’s report also shows that hacking groups that are connected to China, Iran, Russia, and North Korea are the ones that pose the greatest threat to American businesses.

According to The Verge, GAO has requested that the government issue a federal cyber insurance option because of how challenging it is to deal with the aftermath of a cyberattack.

GAO has called for help on the matter from the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and even the Department of Justice.

GAO has implored these offices to identify the technologies which are prone to cyberattacks and the threat actors responsible for ruining businesses by taking advantage of them.

As of late, US entities are being targeted by a number of threat actors and hacking groups. As a result, the number of cyberattacks has spiked considerably, to the point that the local authorities are finding it hard to control them.

According to statistical reports, in 2016 the United States encountered more than 19,060 ransomware incidents, resulting in data breaches, email compromises, and DDoS attacks. Dealing with the cases was not cost-effective in the least as they cost nearly $470 million.

In 2021, according to the FBI, there were 26,074 reports of cyberattacks and these cases cost a total of $2.6 billion.

GAO’s report highlighted the Colonial Pipeline cyberattack because of its spillover effect on the economy of the United States.

In that cyberattack, the 5,500-mile-long transport operation system was hacked and made to go offline. Because of this, the pipeline operator had no choice but to pay a ransom of $4.4 million to the hackers in order to get access back. They were advised not to do so by local authorities; however, desperate times call for desperate measures.

Attacks that are carried out on huge companies are exceptionally disastrous, as they result in a loss of millions of dollars, and insurance companies often back out at the last minute by finding an exit strategy and revising their insurance policies.

Although insurance companies are willing to cover data breaches and ransomware attacks, they can only go to a certain extent due to their policies, which limit their “potential losses from systemic cyber events.” This means they won’t be covering losses that result from a direct attack on the infrastructure or from any other sort of cyberattack.

The GAO officials said that the US Department of Treasury has taken into account that some private insurance companies have mitigated their exposure by lowering the maximum amount of payout to cyberattack victims.

Some insurance companies have also increased their premiums to safeguard themselves from losses, whereas others have pulled out of covering the infrastructure sectors altogether.

GAO has suggested that CISA and the Federal Insurance Office assess the situation to see if the private insurers can be prevented from backing out and leaving the businesses that are victims of cyberattacks in the lurch.