Does Ransomware Insurance Encourage Ransomware Attacks?



The viability of ransomware insurance will depend on a requirement for core cybersecurity practices.

The issue at the heart of ransomware insurance will be familiar to most parents of young children: Rewarding bad behavior only invites more of the same, so it’s generally not a good idea. But critics of the ransomware insurance industry argue that’s exactly what the practice does.

Ransomware insurance has long been suspected of excusing lax security practices and of giving cybercriminals confidence that they’ll receive a timely payment following a successful breach.

It’s difficult to determine exactly how widespread ransomware claims are because companies don’t exactly jump at the chance to discuss their run-ins with ransomware publicly. But it’s safe to assume that claims have risen alongside an undeniable surge in ransomware attacks.

Another issue with the cyber insurance industry stems from the fact that paying a ransom is no guarantee that data will be returned. In our recent report on the hidden costs of ransomware, nearly 20% of respondents were not able to recover their data even after making an extortion payment.

The Paris-based insurance giant AXA broke new ground this year by announcing it would stop insuring against cyberattacks, citing a lack of guidance from French regulators about the practice. It’s worth remembering that the FBI “does not support paying a ransom in response to a ransomware attack.”

So, if U.S.-based insurers were to follow AXA’s logic, they, too, would stop covering ransomware payments. So far, few have.

Doomed to Be a Short-Lived Sector?

The industry publication InsuranceJournal.com recently wrote in a post on its site that “pressure is building on the industry to stop reimbursing for ransoms.” Before ransomware went rampant, the article notes, cybersecurity insurance was a profitable sub-category of the insurance business as a whole. But those days may be numbered. The sector is now “teetering on the edge of profitability,” according to the post’s author.

It’s well-known within cybersecurity circles that ransomware actors will conduct advanced research to determine if a potential target is insured. If it is, the coverage is hardly a deterrent, since it increases the likelihood that a payment will be made.

It winds up being a self-reinforcing cycle. As ProPublica wrote in its study of the industry, “by rewarding hackers, it encourages more ransomware attacks, which in turn frighten more businesses and government agencies into buying policies.”

A commonly cited defense of ransomware insurance is that it not only protects against the cost of the ransom, but also against knock-on expenses from ransomware like downtime, reallocation of tech resources and reputational damage. We know from our own research that these costs can be significant, so there’s some validity to this argument.

But the real question the cyber insurance industry needs to answer is whether it can ever again be profitable. A recently released paper from the British defense think tank Royal United Services Institute (RUSI), titled Cyber Insurance and the Cyber Security Challenge, identified this as one of the key challenges to the industry’s viability.

That paper found that “there is arguably too little global premium to absorb losses from a systemic event.” In other words, the next NotPetya could sink the industry.

Ransomware, on the whole, has caused losses in the cyber insurance industry–not least because, “unlike the majority of risks insurers cover, ransomware attacks are both a high-impact and a high-probability risk.”
