Private insurance companies are increasingly refusing to pay for damages caused by significant cyberattacks, a federal watchdog has warned, leaving American businesses at risk of “catastrophic financial loss” unless a different insurance model can be developed.
Cyber attacks could cause businesses to suffer “catastrophic financial damage,” says the American watchdog
In order to quantify the risk of cyberattacks on critical infrastructure, the report draws on threat assessments from the National Security Agency (NSA), Office of the Director of National Intelligence (ODNI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Justice. These assessments help to identify vulnerable technologies that may be attacked as well as a variety of threat actors capable of utilizing them.
A recent study from the Government Accountability Office (GAO) details the increasing difficulty of managing cyber risk and urges the government to determine if a federal cyber insurance option is necessary.
Citing an annual threat assessment released by the ODNI, the report finds that hacking groups linked to Russia, China, Iran, and North Korea pose the greatest threat to US infrastructure — along with certain non-state actors like organized cybercriminal gangs.
“Although federal agencies do not have a comprehensive inventory of cybersecurity incidents,” the report reads, “several key federal and industry sources show (1) an increase in most types of cyberattacks across the United States—including those affecting critical infrastructure, and (2) significant and increasing costs for cyberattacks.”
Given the wide and increasingly skilled range of actors willing to target US entities, the number of cyber incidents is rising at an alarming rate.
In 2016, US businesses and public bodies were hit with a total of 19,060 incidents in the four major categories — ransomware, data breaches, business email compromise, and denial of service attacks — with a total cost of $470 million, per a GAO analysis of FBI reports. In 2021, there were 26,074 incidents, and the total cost was close to $2.6 billion.
The report also cites specific incidents that have had a spillover effect on the wider economy, notably the cyberattack on the Colonial Pipeline that took a 5,500-mile-long fuel transporting operation offline. In that attack, the pipeline operator paid a ransom of $4.4 million to the hackers — despite advice from law enforcement agencies that ransom demands should always be rejected.