Cyber ​​insurance, an issue of economic sovereignty for France

Push-to-crime for some or help with security for others, the question of cybersecurity has not been settled in France. The question was the subject of a parliamentary report by MP Valéria Faure Muntian, but it remained at this stage.

However, with the new legislature which will open in the National Assembly at the end of June 2022, it is time to put the file back on the pile. The news argues in this direction because the manufacturer of agricultural equipment AGCO, victim of a ransomware, had to shut down its factories. Distributor of several brands of agricultural equipment, the attack perpetrated on May 5, 2022 paralyzed the French sites of Beauvais, in the Oise. This case is absolutely not isolated because Hisco recently estimated that the number of companies targeted by a cyberattack in France increased from 34% to 49% between 2019 and 2020. Similarly, according to IBM, the cost of cyberattacks has increased by 12% for companies over the past five years. It is time to put an end to the vulnerability of which our economy is a victim.

For this, the public authorities should not stop at the stages of observations or intentions. A law must be considered regarding these ransom demands, as well as a framework for cyber insurance. Indeed, the significant increase in claims and the lack of structuring of the French market place us far behind England, whose model is the most successful, if not the most efficient. As proof, our country has to catch up with only 130 million euros in contributions for cyber coverage; a very low level on a European scale. However, it is not a question of creating regulatory shackles as we can see in other financial professions nor of contravening the free European competition of the offer. We must rather imagine a responsible approach that will make it possible to build a fair circuit for insurance companies, brokers and businesses alike.

An issue of economic sovereignty

Currently, hacked companies rightly complain that their coverage does not take into account the financial damage caused by the loss of intellectual property caused by phishing. Nor even the impact on their reputation with customers and suppliers. So many aspects that are poorly estimated or discarded and that have a real impact on companies’ cash flow. When it comes to insurance companies, we understand that as claims increase, they are sounding the alarm bells. Too few companies insured for an increasing number of damages disrupts an entire ecosystem in the long term. Also, do not think about a minimum coverage for all companies, with tax incentive. More particularly a policy indexed on the size of the company so as to cover the risks, in proportion to the activity. But also a policy taking into account the transversalities of activities within the company itself?

CNCEF Assurance is ready to reflect with the public authorities and representative organizations so as to settle what constitutes an issue of economic sovereignty for France. At this stage, we might have thought that the creation of a cyber branch in the Insurance Code would be sufficient. However, the phenomenon is spreading to such an extent that if a law is to be created in France, the European Union must also move up a gear and define a pact that is sufficiently protective, educational, with a simplified architecture that is as open as possible. This is the challenge that therefore awaits our institutions but also our insurance brokers and their agents to whom companies and communities will have to turn to protect themselves and optimize their data and their financial assets.

Leave a Comment