Are nations ready to be the cybersecurity insurers of last resort?

A senior member of the Cyber Monitoring Center (CMC), an organization formed last year to monitor, define and classify cyber events impacting UK organizations, this week questioned whether a £1.5 billion (about $2 billion) government loan guarantee provided to Jaguar Land Rover (JLR) should have happened in the first place.

Speaking at an event hosted by the Royal United Services Institute (RUSI) that reviewed the CMC’s activities in its first year of operation, Ciaran Martin, chair of the CMC’s cyber monitoring technical committee, discussed the loan guarantee announced last year following an attack that has been described as one of the UK’s worst cyber incidents.

“I must stress that I’m speaking personally now. I think the loan guarantee is an unfortunate precedent because the government intervened in a case-specific way, in response to a set of events, without the clear criteria of what form such intervention could take,” said Martin during a panel discussion with CMC executives and Tracey Paul, chief strategy and communications officer at Pool Re, a UK terrorism reinsurer.

David Shipley, CEO of Beauceron Security, added, “a monster has been created by using insurance to cheat our way out of handling the risk in near-term more expensive, but long-term more effective ways.”

Why, he asked, should organizations “invest all the work in multifactor authentication when you can just buy insurance? The problem now is the cybercrime monster that insurance fed is now Godzilla sized, and we can’t insure all of the damage. Great job.”

Government bailouts of industry, said Shipley, “is just the next, bad leap in the same flawed decision. If insurance was the crack cocaine of cyber risk mismanagement, government bailouts are the corporate fentanyl. Maybe the smart answer is, we have to account for the real cost of proper security in our goods and services, and invest in ways that don’t put money in the hands of criminals.”

Read the full story at CIO.com