Most critical cyber insurance issue is not growth of ransomware


A recent article in the Financial Times highlighted the continued emergence of ransomware and the targeting of large financial institutions, an issue illustrated by the devastating attack on Travelex and the growth of cyber insurance as a mitigation measure for companies.

Large insurers point to the significant increase in the sums attackers are demanding and disputing the claim that having cyber insurance to cover such incidents makes companies more of a target.



Lost in the discussion over ransomware and cyber insurance is one of the most pressing issues—the growing gap between the cost of the operational disruption caused by the attack and the cyber insurance coverage. Regardless of the size of the ransomware demand, the overall severity and duration of the financial impact results not from the demand, but rather from the disruption itself. Cases such as Norsk Hydro and Pitney Bowes have clearly demonstrated how costly these disruptions can be to the balance sheet.

While management teams increasingly claim that insurance will cover “most” of the cost of a successful ransomware attack, data increasingly illustrates a growing gap. Norsk Hydro reported approximately $19 million in cyber insurance compensation in 2019, while it incurred $71 million in damages after its March 2019 cyberattack. This is in the context of what the company described as “robust” cyber insurance coverage. This doesn’t begin to address the value losses that mount in the aftermath of such attacks. Mondelez underperformed by 10 percent in the year following its NotPetya breach, equivalent to $6.8 billion.

Partially to blame for this gap is one key ingredient that is missing in the cyber insurance market—the ability to accurately price cyber risk like insurance companies price other insured risks. Until accurate risk pricing is adopted by the market, the prevalence of the gap will grow for more impacted companies.

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website