What is the collective response to the cyber insurance issue?

The finding is sadly simple: the key services of the Nation are sufficiently protected. Health, transportation, industry or food, all of these sectors rely on computer systems that have been the subject of cyberattacks. In the private sphere, the picture is no longer gratifying. As a reminder, an ExtraHop study found that in 2021, 78% of French companies had suffered a ransomware attack in the last five years and 69% had paid a ransom. Beyond the paralysis of business and its financial consequences, it must emphasize the eminently high cost of cybersecurity that can lead some organizations to bankruptcy.

The specter of cyber espionage and cyber warfare is also in the context of current geopolitical destabilization.

Strengthening the security of information systems

Faced with this finding, IT security consulting professionals are urging companies to take up the subject and put in place good practices to strengthen the security of their IS. As such, the recommendations issued by the recognized bodies (ANSSI, ISO, etc.) are effective benchmarks for getting a better robustness and control of an information system: inventory of accounts, mapping of the IS, networking, etc. . Once the IS is better mastered, companies are able to make accurate and tailored security choices. This must be a strategic priority for businesses and various organizations.

Cyber-insurance: changing the paradigm

To protect themselves, the classic response to the risk of cyberattack was to use insurance. Unfortunately, in the face of the resurgence of cyberattacks, insurers no longer want to take on such risks. The economic cost and risk of a cyber-attack have now become too high a fortiori to insure the ESNs themselves for fear of a risk of generalization in the event of failure, a so-called systemic risk.

In the digital transformation of companies that has taken place in a forced march, especially during the various borders, the necessary security measures have not been sufficiently anticipated, leading to disorganization and fragility.

With an imperative to put millions of people into telecommuting in just a few days, the upheaval has been brutal and includes the cyber-insurance market. Even 87% of large French companies (source study Lucy Amrae 2021) were covered by a dedicated insurance contract in 2021, their coverage is very limited for the report of potential damage from a cyber attack. More seriously, insurers carry out drastic revaluations of the amount of premiums or even full termination. There is therefore an urgent need to provide a collective response to cybersecurity issues.

Report a collective response to the cyber insurance issue

At the time of restructuring the e-insurance market, the state must seize the subject if it does not want to accentuate the fragility of its corporate fabric and especially that of ETIs. The state has done this in the past and especially in the 80’s with the creation of the Société Française de Garantie des

fund de garantie d’assurance porté par l’Etat via the BPI or another institution to support the French economy. This fund could be thought of as one support in a period of consolidation of the cyber insurance market.

Whatever the expected solution, a collective response is essential to respond to this major economic danger, especially national security. It is therefore essential that companies – government services, insurers, banks – mobilize now. Our responsibility is collective. We need to find solutions that strengthen and protect our economy. Today more than ever.