Cyber insurance was originally intended to protect organizations from the consequences of cyber attacks, including covering the financial costs of dealing with incidents. However, some critics say the insurance encourages ransomware victims to simply pay for the ransom, knowing that it will then be covered by insurers instead of having an adequate security system to deter hackers. Insurers claim that it is the customer who decides to pay the ransom, not the insurer. It is not illegal to pay a ransom to cybercriminals. But law enforcement warns that this is not a good idea – it gives the gangs an incentive to organize more attacks along with financial resources to carry out these attacks, notes ZDNet.
The loss of cyber insurance encourages organizations to pay ransoms, which can exacerbate the problem of ransomware. Still, cyber insurance can be used to improve security. This is the conclusion of researchers published in a document called RUSI. Ransomware – software for extortion and ransomware – is one of the biggest cybersecurity problems organizations face today. The requested amounts are constantly growing. Every business is under attack. And cyber insurers are already reviewing the coverage they offer. This can change the situation. According to a study in the field of cyber insurance by the Royal United Services Institute (RUSI), this practice not only encourages cybercriminals, but is also not sustainable for the insurance industry. In fact, according to the document, ransomware has already become an existential threat to some insurers.
“To date, cyber insurance has failed to live up to expectations that it can act as a tool to improve cybersecurity practices in organizations,” the analysis said. “Cyberinsurers may inadvertently facilitate cybercriminals by contributing to the growth of their ransomware operations.” Ransomware is one of the most significant cyber threats facing organizations today, not least because attacks are becoming more complex and cybercriminals are demanding ransoms. Refusing to pay a ransom can lead to months of non-functioning and huge losses for organizations trying to rebuild their networks from scratch.
According to RUSI, some victims and their insurers are willing to pay the ransom because they see it as the “lowest cost option” for the refund. Some ransomware gangs are even actively trying to attack organizations with cybersecurity policies and available cyber insurance because they believe this is the best way to ensure they make money. However, according to the RUSI report, cyber insurance can actually play a major role in actively destroying the ransomware business model, encouraging policyholders to improve their protection. So they should do as much as possible so as not to fall victim to ransomware. The document assumes that the insurances are concluded with a condition for a minimum probability of paying a ransom.
This means an obligation for organizations to have timely correction of critical vulnerabilities in IT structures that are accessed from the outside, multi-factor authentication of remote access services, limiting dangerous traffic through network segmentation, regular backup. There is already some evidence that change is imminent. According to a recent publication in the Financial Times, insurers are already increasing premiums and setting stricter requirements for cybersecurity strategies used by companies looking to use cyber insurance. The Washington Post reported that insurers demanded “high security” and reduced the amount of coverage they were willing to offer. All of these recommendations can mitigate the damage that a ransomware attack can cause. And this means that if an organization is attacked, the ransom payment would be an absolute last resort.
The News Highlights
- Cyber insurance appears to exacerbate the ransomware problem
- Check the latest world news updates and information about business, finance, technology and more.
- Check the latest update on tech news
For Latest News Follow us on Google News
- Show all
- Trending News
- Popular By week