Sony Pictures CEO Michael Lynton showed some bravado following the attack on the company's internal systems, claiming the financial damage done by the 'Guardians of Peace' will be covered by insurance.
This has lead other companies to believe cyber attacks—while deadly—will not be financially crippling. London insurer Stephen Catlin does not believe this is the case, claiming “our balance sheets are not large enough to pay for that."
Catlin's comments have changed analysts projections of cyber attacks in 2015, originally believing they can be solved through insurance alone.
If insurers cannot pay off the cyber espionage bill every time, it might become a very expensive attack. Catlin claims the threat of cyber attacks is even greater than that of terrorism, due to the amount of personal information one company can hold.
Catlin also claimed UK and U.S. government intervention and protection for companies is admirable, but not enough to make insurer's feel confident in providing insurance against a cyber attack, especially considering the 50 per cent increase in attacks over 2014.
“While insurance may help mitigate some of the financial impact of a security incident or breach, the reputational impact and the impact to the business operation cannot be mitigated with insurance in the same way,” Fujisu cyber security solutions Rob Lay said. “By taking this risk-based approach, businesses can ensure that they are dealing with the largest and most dangerous issues first."
A risk-based approach allows companies to filter out the major issues that could happen in a cyber attack, covering them first with additional security, making sure damages are minimal if an attack occurs.
Cyber security is becoming an expensive commodity, especially since a cyber attack the size of Sony Pictures could damage a company's reputation for a long time. This is giving rise to even more security services like FireEye, who worked on the Sony Pictures attack.