If data is the new oil, then we’re looking at pelicans soaked in crude on a beach.
When an oil tanker goes down or an oil rig explodes, dumping millions of gallons of petroleum into the ocean, we clean up the spill, we look for first causes, and we hold the company — even individuals — responsible for the harm they’ve caused to a shared resource: the environment we all live in.
When a company like Equifax commits gross negligence for failing to secure our data, and a breach pumps 147.9 million records onto the internet, the company’s directors keep their jobs, their cyber insurance policy pays out, and the company posts a profit.
The Equifax breach harmed pretty much every adult in the U.S., and the company has yet to face any real consequences for its incompetence. Is this the future of cyber risk insurance — commit gross negligence and get away with it?
Maybe. Maybe not. CSO talked to more than a dozen cyber insurance experts and reviewed hundreds of pages of documents on the current state of the cyber insurance market. Here’s what we found.
The moral hazard of cyber risk insurance
“Moral hazard” is the term insurance wonks use to discuss the misplaced incentives…
