Ransomware is one of the biggest cybersecurity issues facing organisations today but as claims mount and cyber insurers look at the coverage they are offering, changes may be coming.
Cyber insurance is designed to protect organisations against the fallout of cyber attacks, including covering the financial costs of dealing with incidents. But some critics argue that insurance encourages ransomware victims to simply pay the ransom demand which will then be covered by the insurers, rather than have adequate security to deter hackers in the first place. Insurers argue that it's the customer that makes any decision to pay the ransom, not the insurer.
It isn't illegal to pay cyber criminals a ransom demand but law enforcement agencies warn that doing so will give the gangs funds to launch more attacks.
According to a research paper examining cyber insurance and the cybersecurity challenge by defence think tank Royal United Services Institute (RUSI), this practice isn't just encouraging cyber criminals, it's also not sustainable for the cyber insurance industry, which warns ransomware has become an existential threat for some insurers.
View Full Article