There is No Such Thing as Cyber Security

This past year Verizon nearly dropped its bid for Yahoo after uncovering a massive data breach. WannaCry, the ransomware virus that affected 230,000 computers in 150 countries, shut down important infrastructure such as the UK's National Health Service, and FedEx, a shipping giant. Eighty-one million dollars of Bangladesh's money was stolen from the Federal Reserve Bank of New York using the "highly secure" SWIFT system. Countless retailers, both large and small, have had credit card and customer information stolen. It's been rumored that without insurance Target, a $40 billion company, would have folded from a massive data breach a few years ago. It was so bad it prompted the CEO to resign. This is not only an issue for large companies, and it's not only retailers that have suffered. Small businesses are particular targets because they are easier targets. They often lack heightened security and are easier paths to breach the larger vendors they do business with.

Google manages over 2 billion lines of code. Inevitably there are going to be errors, and hackers will find ways to exploit them. As the "Internet of Things" continues to grow rapidly, more sectors of our lives are being infiltrated with technology that is exposed to malevolent hacking. Cars, drones, thermostats, smart lightbulbs, digital assistants, refrigerators, etc. are all examples of things that are vulnerable to hackers. And none of it is truly secure.

The fact is it is probably impossible to make the web completely secure, but there are incentives that can play a big part in improving it. First off, the software developers and computer makers aren't typically the ones suffering from these breaches; it is the users of these products. Major developers' products have been hacked with little impact on their reputation. If they were not allowed to escape culpability so easily and were held liable in particular cases, this may force them to tighten up on mistakes. Another incentive (via disincentive) would be to create specific exemptions on cyber insurance policies, which would pressure software developers and hardware makers to clean up, as enterprise companies would not purchase a product if they were exposed to such risk.

Currently, cyber insurance policies generally have very few exemptions on their contracts. Regardless of how large or small a business is, cyber insurance is essential so long as internet security remains in the state it is in. The service providers businesses utilize are not liable for their security flaws, something we all agree to in the terms of service contract when we first install a program. Cyber insurance will cover financial losses and lost income as a result of a hack, pay ransoms for ransomware, help restore your systems following a breach, and replace hardware if necessary. The insurance companies have specialized cyber forensics teams to investigate and make sure you are back up and running as soon as possible.

So long as there is no such thing as cyber security, insurance is your safest hedge.