Retaliating Against Cyber Attacks: A Big No-No That More Companies Want To Try
It’s understandable why a large number of firms across the United States would want to get into the hacking game. For starters, they’ve been maliciously attacked by hackers for at least a decade with no real recourse other than to have a stellar cyber insurance policy for protection. In the recent Sony hack, some numbers have placed the overall damage at $500 million though the actual number could end up being a fifth of that.
Either way, when you get in to the hundreds of millions of dollars, a well-executed hack can cost large amounts of money, cut in to profits, and result in a lot of people losing jobs.
And as Insurance Journal notes in a recent expose, “U.S. officials have shown little appetite to intervene as banks, retailers, casinos, power companies and manufacturers have been targeted by foreign-based hackers. Private-sector companies doing business in the U.S. have few clear options for striking back on their own.”
Nevertheless, companies with the money to launch a retaliatory attack are seriously considering their options, much to the chagrin of the federal government (and perhaps common sense).
The FBI is now encouraging companies in Sony’s position not to launch cyber attacks of their own. Here are some reasons why they should probably listen.
One: It’s an added expense.
With a good cyber insurance policy in place, many companies can reduce the overall amount of damage that an attack causes, though it should serve as a wakeup call to do more spending when it comes to beefing up security. After you’ve lost nine figures in a single attack, spending even more money on a revenge tactic isn’t generally a good idea. Furthermore, firms are quite new to cyber attacks and thus well behind the curve on intelligence. Striking back could begin a damaging cycle of cyber attacks as they go up against an enemy with better experience.
Two: There could be collateral damage. Lots of it.
As FBI spokeswoman Jenny Shearer notes in comments to IJ, “Hackers typically commandeer other people’s computers, including home PCs and corporate servers, to launch attacks. Those machines may be located in friendly countries and hold the data of innocent users. Erasing or stealing data from these computers would result in collateral damage, including bad publicity and the disruption of legitimate online services.” Invariably companies that are inexperienced at carrying out cyber attacks would position innocent users in the crossfire, and that would not only be a PR nightmare, it would also open companies up to civil liability, layered on top of the cost of the initial attack and the cost of the retaliatory attack.
Three: It could be against the law.
Cyber attacks on foreign hackers may seem like a safe bet from a legal standpoint, but as alluded to in number two above, they could result in collateral damage that not only opens up a firm to litigation, but they could also place firms in direct violation of federal law.
Getting attacked by any kind of hacker — foreign or otherwise — can result in a lot of frustration and loss of productivity, but currently cyber insurance remains the greatest defense against it. By purchasing a comprehensive cyber insurance policy, hiring skilled cyber security experts, and responding promptly to any attacks or attempts, a company will go much further in shoring up its defenses and avoiding the negative fallout. If your clients are vulnerable to a cyber attack, make sure you speak to them about purchasing cyber insurance today.