[BUDGET AMMO] James Rundle at The Wall Street Journal today published a very interesting article about the long-term costs of cyber attacks and the fact that cyber insurers are getting more and more worried that their models do not cover these long-tail repercussions. One of the problems is that there are a significant number of claims that have not settled out in the courts yet, which might take years to get finally concluded.
(PS: I asked JasperAI to create this art. I would worry too if I had fingers like this.) Here are a few short extracts, I would send the WSJ link to your Infosec budget holders.
"Claims from a single incident can stretch on for years in class-action lawsuits and investigations. Insurers are still coming to grips with how far-reaching the damage can be. Privacy laws and regulatory action extend the cost of incidents for years beyond an attack, insurers say, which could result in higher costs and stiffer policy requirements for companies."
"Claims associated with cyberattacks often include the cost of incident response, forensic investigations and replacing hardware and software, which many cyber insurance policies are designed to cover. But litigation over data breaches and downtime can be expensive for companies, and what their insurance policies cover isn’t always clear. Insurers worry that claims relating to cyber incidents could persist for years, long after the initial impacts of a hack are resolved, referred to as long-tail liability."
Here is the link to send to your budget holders: