Despite the anticipation of cyber risks by private or public actors, or even the obligation they have to do so (for an overview of the legislation, see the very recent Cybersecurity CodeDalloz, 2022), the occurrence of an attack on an information system can have devastating individual or collective, social, economic or legal consequences. At the same time, cyber risk insurance is developing with difficulty, raising many questions such as the insurability of a ransom or an administrative fine.
Cyber risk insurance is a subject giving rise to significant debate and much thought. The report issued on September 7 by the Directorate General of the Treasury on this topic is a further illustration of this. Responding to the request of Bruno Le Maire, Minister of the Economy, Finance and Industrial and Digital Sovereignty, it is the culmination of a year of reflection within a working group made up of various players in the sector. including the services of the General Directorate of the Treasury, representatives of insurers and companies, the ACPR, ANSSI, insurance and reinsurance companies, insurance distributors, actuaries, and experts from the academic world .
The reasons justifying such work are simple: the digitization of our economy creates new risks weighing on companies known as “cyber risks”. The latter materialize, most often, in cyberattacks. The report finds that 54% of French companies were the subject of a cyberattack in 2021 (p. 9). In view of our dependence on the digital ecosystem, the increase in volume, frequency and complexity of cyberattacks, as well as the importance of the issues (the very survival of companies), a market…