Most cyber insurance contracts are innately flawed because they exclude losses arising from state-backed cyber attacks, and this will make proper attribution even more important in the future, says Cisco Talos’ Martin Lee
November 11, 2022 By Martin Lee
Insurance exists to cover the unexpected costs of loss, damage or injury. Despite our best efforts to avoid fire, theft or accidents, these things happen and can be expensive. We cannot predict if or when such an event will happen to us. However, we can measure the occurrence of such events and calculate their likelihood and consequences by analysing a large population sample.
The first insurance markets developed from insuring ships and cargos in the 17th century. The sudden loss of a ship could be catastrophic for businesses; however, insurance could mitigate the financial damage. Large losses could be absorbed by insurers who could predict these costs and charge appropriate insurance premiums. As businesses have evolved and digitised, so too have the risks to which they are exposed. Catastrophic losses to businesses have not disappeared, but changed in nature.
