{"id":15987,"date":"2026-03-21T00:20:54","date_gmt":"2026-03-21T00:20:54","guid":{"rendered":"https:\/\/newestek.com\/?p=15987"},"modified":"2026-03-21T00:20:54","modified_gmt":"2026-03-21T00:20:54","slug":"are-nations-ready-to-be-the-cybersecurity-insurers-of-last-resort","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15987","title":{"rendered":"Are nations ready to be the cybersecurity insurers of last resort?"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

A senior member of the Cyber Monitoring Center (CMC), an organization formed last year to monitor, define and classify cyber events impacting UK organizations, this week questioned whether a \u00a31.5 billion (about $2 billion) government loan guarantee provided to Jaguar Land Rover (JLR) should have happened in the first place.<\/p>\n

Speaking at an event<\/a> hosted by the Royal United Services Institute (RUSI) that reviewed the CMC\u2019s activities in its first year of operation, Ciaran Martin<\/a>, chair of the CMC\u2019s cyber monitoring technical committee, discussed the loan guarantee announced last year following an attack<\/a> that has been described as one of the UK\u2019s worst cyber incidents.<\/p>\n

\u201cI must stress that I\u2019m speaking personally now. I think the loan guarantee is an unfortunate precedent because the government intervened in a case-specific way, in response to a set of events, without the clear criteria of what form such intervention could take,\u201d said Martin during a panel discussion<\/a> with CMC executives and Tracey Paul<\/a>, chief strategy and communications officer at Pool Re<\/a>, a UK terrorism reinsurer.<\/p>\n

Martin, who is also a RUSI Distinguished Fellow, said, \u201cthere clearly are a set of plausible, realistic, bad scenarios where most reasonable citizens would expect some form of government activity. But it would be better to have a framework, whether that\u2019s compulsory insurance, incentivizing insurance with tax breaks, whether it\u2019s a set of principles as to what would trigger state intervention. And in what form? Loan guarantees? Something else?\u201d<\/p>\n

To complicate things, Paul noted that today there is a cyber insurance protection gap. \u201cI don\u2019t know how we are going to bridge this gap between the potential economics loss and the insured loss without some partnership between government and the insurance industry and other parts of the cyber ecosystem,\u201d she said. The industry has a prefunded model, and a contract with the government under which, if the insurer runs out of money, the government will step in and loan the money to pay the losses. <\/p>\n

\u201cBut that is one way of doing it and I think they would like the flexibility to do it in another way,\u201d she observed. \u201cBut what I do think is you cannot have a transfer of risk between the public sector and the private sector unless you have some kind of structure around it, and at some point the government are going to have to come to the table on what that looks like in order to make that happen.\u201d<\/p>\n

Event impact can \u2018ripple across an entire economy\u2019<\/h2>\n

Analysts share Martin\u2019s concerns.<\/p>\n

Erik Avakian<\/a>, technical counselor at Info-Tech Research Group, said on Friday that he \u201chas been predicting for years now that attackers would start to move on from pure small disruption types of attacks (think DDoS) to catastrophic disruption and destruction of a company\u2019s operations.\u201d<\/p>\n

The incident at JLR, he said, \u201creally speaks to impacting the overall resilience of a company\u2019s business operations. And once that happens, the impacts can go well beyond just a quarterly earnings miss.\u201d<\/p>\n

Avakian added, \u201cwhat we\u2019ve seen with the Jaguar Land Rover attack is certainly exemplary of that, and has shown that a cyber incident can shut down real-world operations in a way where the impacts can ripple across an entire economy, not just IT systems; where a cyberattack can directly impact a nation\u2019s GDP, employment, and wreak havoc on national exports.\u201d<\/p>\n

He agreed with Martin\u2019s sentiments, explaining, \u201cin my opinion, the government stepping in like this with a loan guarantee is creating and sending a signal that some companies could now be considered too important to fail due to cyber risk. That can create a dangerous precedent because large, critical organizations could become primary targets for cyber criminals if they know that a successful attack could cause such massive consequences.\u201d<\/p>\n

It could also lead to new risks, said Avakian, \u201cwhere companies may potentially underinvest in their security if they believe there\u2019s an implicit safety net that will be there for them. Cyber resilience is more important than ever and should be central to how organizations think about security and risk management; not just how to prevent a breach, but how to keep business operations running in the face of cyberattacks.\u201d<\/p>\n

David Shipley<\/a>, CEO of Beauceron Security, added, \u201ca monster has been created by using insurance to cheat our way out of hanging the risk in near-term more expensive, but long-term more effective ways.\u201d<\/p>\n

Why, he asked, should organizations \u201cinvest all the work in multifactor authentication when you can just buy insurance? The problem now is the cybercrime monster that insurance fed is now Godzilla sized, and we can\u2019t insure all of the damage. Great job.\u201d<\/p>\n

Government bailouts of industry, said Shipley, \u201cis just the next, bad leap in the same flawed decision. If insurance was the crack cocaine of cyber risk mismanagement, government bailouts are the corporate fentanyl.\u00a0Maybe the smart answer is, we have to account for the real cost of proper security in our goods and services, and invest in ways that don\u2019t put money in the hands of criminals.\u201d<\/p>\n

This article originally appeared on CIO.com<\/a>.<\/em><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

A senior member of the Cyber Monitoring Center (CMC), an organization formed last year to monitor, define and classify cyber events impacting UK organizations, this week questioned whether a \u00a31.5 billion (about $2 billion) government loan guarantee provided to Jaguar Land Rover (JLR) should have happened in the first place. Speaking at an event hosted by the Royal United Services Institute (RUSI) that reviewed the… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15987","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15987","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15987"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15987\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15987"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15987"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15987"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}