Likely a confusing and counter-productive take, in our opinion. DHS is now, in effect, raising questions about whether businesses should get cyber insurance. Or is the agency implying that businesses should self-insure against ransomware but obtain coverage for other cyber risks?
Government will not be the primary driver of improved cyber security. As with fire safety, loss control and employee health, free market forces, including insurance, will help companies achieve a better balance of risk versus prevention/mitigation, assisted by targeted government action. In the meantime, the feds should be focused on reducing the ransomware threat through far more robust and creative law enforcement, intelligence and civil action, plus making more progress on strategies for the insured and the insurance industry to handle acts of war and massive attacks.
“Iranga Kahangama, assistant secretary for cyber, infrastructure, risk, and resilience policy at the Department of Homeland Security’s (DHS) Office of Strategy, Policy, and Plans, highlighted how taking out a cyber insurance policy could make organizations a more attractive target for cybercriminals.
‘They will do their market research on victims who can afford to pay, and they will look at people who have cyber insurance to see if they are more susceptible to paying [the ransom],’ Kahangama said.”
Source: Cyber Experts Discount Insurance in Ransomware Fight – MeriTalk