Because cyberattacks pose such a devastating risk, financial services firms are buying insurance policies for protection.
That seems like a good idea, but there's a problem. Insurance companies may not be ready to pay up after a major cyberattack, warns David E. Wood, of the law office Anderson Kill in Ventura, California.
Editor’s Note: Retire 10 Years Earlier With These 4 Stocks
Many insurance companies sell policies that pay relatively small claims and feature high deductibles and low coverage limits, Wood writes in an article for
American Banker. They hope that strategy will largely protect themselves and off-load much of the risk to policy holders.
But they are not taking into account catastrophic cyberattacks, he points out. Government agencies have warned that an attack could shut down power at financial services providers, halt inter-bank transactions, and even bring the entire economy to a standstill.
In spite of low limits on payouts, insurance underwriters "would be severely impacted," Wood says. "Insurance companies now trumpeting their prompt payment of cyber-loss claims may pull in their horns when a serious, broad-scope attack finally takes place."
Underwriters apparently fear a large cyberattack causing major losses across the financial services industry.
"This fear, to the extent that it keeps high-limits policies out of the hands of the banks that need them, may serve as a warning that the insurance industry does not yet have its arms around the risk cybercrime poses to the financial services industry."
Since banks are uninsured or ineffectively insured against the attacks, they must rely more on themselves, Wood recommends. They should improve their data security, consider alternative insurance such as self-insurance and captive insurance, which are subsidiaries of non-insurance firms created to help the parent organization.
Improved security is not enough, he says. Experts warn that no security protocols are guaranteed to fend off determined hackers. Ideally, banks should use a combination of cyber security, alternative insurance tools, and insurance products available on the market, he advises.
"The need for the attention of a bank's senior management and board has never been more urgent."
A widespread cyberattack could cause almost as much damage to the global economy as the 2007 financial crisis, says Andrew Coburn, of the University of Cambridge's Centre for Risk Studies, speaking at a recent cybersecurity conference in London, reports
Bloomberg BNA.
In a worst-case scenario, losses in GDP could total $15 trillion over five years, close to the $19 trillion lost in the financial crisis, Coburn estimates.
Many companies are finding that traditional insurance policies are inadequate protection against cyberattacks, says Sarah Stephens of insurance broker Aon PLC, another conference speaker.
Editor’s Note: Retire 10 Years Earlier With These 4 Stocks
Related Stories:
© 2025 Newsmax Finance. All rights reserved.