The OPED identifies the issue, but in our opinion is light on solutions. The writer suggests companies publicize their cyber risk controls: “Demonstrating such preparedness will appeal to shareholders and customers and attract new ones.” Many industry insiders may prefer to focus on pushing government programs to back-stop private insurance when state-sponsored attacks occur.
“State-sponsored cyber aggression is becoming unmanageable for an industry designed to protect customers against the pursuits of common criminals. ‘For a while insurance payouts in cyber weren’t really that high,’ Ciaran Martin, the founding CEO of Britain’s National Cyber Security Center, said in an interview. ‘Then came ransomware, GDPR legislation and major attacks like NotPetya. Cyber insurance went from being much like any other insurance policy to being one with massive payouts and companies talking about systemic risk.'”
Source: If You’re Hacked, You May Not Have a Claim – WSJ