"Businesses Risk 'Catastrophic Financial Loss' From Cyberattacks, US Watchdog Warns"
The Government Accountability Office (GAO) warns that private insurance companies are increasingly declining to cover damages caused by major cyberattacks, leaving American businesses vulnerable to catastrophic financial loss unless another insurance model is introduced. GAO's new report requests that the government assess whether a federal cyber insurance option is required. The report uses threat assessments from the National Security Agency (NSA), the Office of the Director of National Intelligence (ODNI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Justice (DOJ) to quantify the risk of cyberattacks on critical infrastructure, identifying vulnerable technologies that could be attacked as well as a variety of threat actors capable of exploiting them. According to an annual threat assessment by the ODNI, hacking groups linked to Russia, China, Iran, and North Korea, and certain non-state actors such as organized cybercriminal gangs, pose the greatest threat to US infrastructure. The number of cyber incidents is rapidly expanding due to the wide and increasingly skilled variety of individuals ready to target US organizations. Although federal agencies do not have a comprehensive inventory of cybersecurity incidents, there are several key federal and industry sources that show a rise in most types of cyberattacks across the US, including those impacting critical infrastructure, and increasing costs for cyberattacks. There were 26,074 incidents in 2021, with a roughly $2.6 billion total cost. This article continues to discuss the GAO's report on cyber insurance that calls for action to assess potential federal response to catastrophic cyberattacks.