Illustration: Sarah Grillo/Axios

All companies are potential victims of cyber attacks, and buying insurance is one way many are trying to manage that risk.

Why it matters: Companies hit by attacks are exposed to incredible costs — Equifax lost $4 billion in stock market value in just a week — so companies are increasingly looking beyond traditional safety nets to avoid financial ruin.

How it works: Firms interested in obtaining cybersecurity insurance can go through an intermediary firm that helps them assess their cyber risk with a score, similar to a credit score. Some firms work on behalf of insurers to assess risk in potential client companies.

  • Some of these firms simultaneously offer services to help mitigate companies’ risk or respond to cyber incidents.
  • The market is already seeing some coordination, like the jointly offered Allianz-Aon-Apple-Cisco cybersecurity insurance package that simultaneously assesses risk and offers insurance and incident response.
  • CyberCube CEO Pascal Millaire tells Axios his company thinks about pricing by multiplying frequency by severity: in other words, how often attacks can be expected in that industry, how often they are successful, and what the operational and financial impacts could be.

Where things get murky: The cybersecurity insurance marketplace is young and fragmented. Not all formulas for premiums are equal, and there’s no consensus in the market about how to price them.

  • The result: 26% of U.S. companies reported this year they don’t believe their cyber insurer priced their premium based on an accurate analysis of their risk, per a survey run by Ovum and commissioned by FICO.
  • That’s in part because actuarial data isn’t available yet, which results in a patchwork of assessments.
  • Pricing cyber insurance premiums can be even more challenging than underwriting other premiums because cyberattacks can happen at any time, regardless of geography or seasonality. And other disasters warranting insurance, like floods and fires, exhibit more predictable behavior than hackers.

There’s a reason traditional insurance is successful, Srinivas Mukkamala, CEO and Co-Founder of RiskSense, tells Axios: “They can put a model and put a number behind it.” For now, most pricing in cyber insurance inevitably lags behind cyberthreats.

The big picture: “The key is this isn’t just an IT thing, it’s not just a tech company thing. It’s everyone,” says Jason Hogg, Aon’s CEO of Cyber Solutions. As more internet-of-things devices come online, the attack surface will continue to grow, so the need for cybersecurity insurance will likely grow, too.

  • That goes for individuals as well. “If you look out 5, 10, 15 years, it’s hard to imagine any line of insurance not being impacted in some way, shape or form…by internet-connected risk,” Millaire said.
  • High net-worth individuals are already buying cybersecurity insurance from Aon, Hogg tells Axios.

What to watch: Some insurance providers, like cybersecurity insurance startup At-Bay, require companies to meet a baseline of security before even allowing them to purchase insurance. That could encourage better security practices to begin with.

  • Yes, but: Once the security thresholds for companies are revealed, threat actors have a head start on exploiting them.
