What collective response to the issue of cyber-insurance?

The observation is unfortunately simple: the key services of the Nation are not sufficiently protected. Health, transport, industry or food, all these sectors rely on computer systems that have been the subject of cyberattacks. In the private sector, the picture is hardly more encouraging. As a reminder, an ExtraHop study revealed that in 2021, 78% of French companies had suffered a ransomware attack in the past five years and 69% paid a ransom. Beyond the paralysis of activities and the financial consequences thereof, it is necessary to underline the eminently high cost of cybersecurity, which can lead certain organizations to bankruptcy.

The specter of cyber-espionage and cyber-war also swirls in the context of current geopolitical destabilization.

Strengthen the security of Information Systems

Faced with this observation, computer security consulting professionals invite companies to take up this subject and put in place good practices to strengthen the security of their IS. As such, the recommendations issued by recognized organizations (ANSSI, ISO, etc.) are effective benchmarks for obtaining better robustness and control of an information system: inventory of accounts, IS mapping, network breakdown, etc Once the IS is better mastered, companies are able to make precise and appropriate security choices. This work must be a strategic priority for companies and different organizations.

Cyber-insurance: changing the paradigm

To protect yourself, the classic response to the risk of cyberattack was to use insurance. Unfortunately, faced with the resurgence of cyberattacks, insurers no longer wish to take on this type of risk. The economic cost and the risk of a cyber-attack have now become too great, a fortiori to insure the ESNs themselves for fear of a risk of generalization in the event of failure, a so-called systemic risk.

The digital transformation of our societies having been carried out at a forced march, in particular during the various confinements, the necessary security measures were not sufficiently anticipated, causing disorganization and fragilities.

With an imperative to put millions of people into telework in just a few days, the upheaval has been brutal, including in the cyber-insurance market. Even if 87% of large French companies (source study Lucy Amrae 2021) were covered by a dedicated insurance contract in 2021, the amount of their coverage is very limited compared to the potential damage from a cyber-attack. More seriously, insurers are carrying out drastic reassessments of the amount of premiums or even terminations as of right. There is therefore an urgent need to provide a collective response to the challenges of cyber-insurance.

Bringing a collective response to the issue of cyber-insurance

The time to restructure the cyber-insurance market, the State must seize the subject if it does not want to accentuate the fragility of its business fabric and in particular that of ETIs. The State has already done this in the past and particularly in the 1980s with the creation of the French Society for the Guarantee of

insurance guarantee fund supported by the State via the BPI or another institution seems key to supporting the French economy. This fund could be thought of as a support in a period of cyber insurance market consolidation.

Whatever the solution envisaged, a collective response is essential to meet this major economic and national security challenge. It is therefore essential that companies, State services, insurers, banks – mobilize now. Our responsibility is collective. We must find solutions that strengthen and protect our economy. Today more than ever.