Today’s Wall Street Journal included an excellent piece by reporter Devlin Barrett on the vulnerability of corporate networks to cyber attacks. Commenting specifically on the FBI’s observations, he noted the deep concern and frustration over the inability of corporations to protect their data. Pointedly observing that ‘offense beats defense’ and ‘we are outgunned,’ the FBI says that the U.S. is losing the cyber war to the hackers.
Commenting on the FBI’s message, Devlin observed:
- Companies don’t do everything they can do, and when they suffer a breach, they call the FBI (which, by the way, currently has a caseload of 2,500 hacking investigations; I’m surprised it’s not more),
- Companies often aren’t even aware they have been hacked, and
- Corporate leadership is inadequately addressing security due to perceived cost and ease of use problems, and worse (my words) lack of comprehension
The FBI is promoting the idea that corporations need to depend less on their ability to prevent breaches and more on managing the breaches that they should assume are ongoing. I’m no technologist, but even I have been concerned for some time that the ability of organizations to defend themselves against hacker attacks is limited. It looks like the FBI is, too.
So, what are the implications for Cyber insurance? I have to wonder how carriers can stay ahead of this risk, when the FBI is telling us that the companies that are their insureds aren’t. Is it possible to price this exposure adequately?
Here’s the video from the Wall Street Journal Wednesday, March 28, 2012: