Given the continuing onslaught of ransomware attacks on organisations across the globe, the topic of ransom payments is a hotly debated one in the last 2 years. On one hand some bodies hold that paying ransom is only fueling more crime and supporting criminals, whilst the opposite view holds that paying the ransom is sometimes the only option as victims are faced with an existential problem. Last October-2020 FinCen (The Financial Crimes Enforcement Network a bureau of the United States Department of the Treasury) issued an advisory prohibiting the payment of ransomware demands.
This week however, the Association of British Insurers (ABI) issued a statement defending the notion of the inclusion of ransomware payments in first-party cyber-insurance policies. It said insurance was “not an alternative” to doing everything possible to first minimise the risk. However, it added that firms could face financial ruin without the cover.
It is worth reminding that at present it is not illegal in the UK or Europe to pay ransomware demands either via insurance or directly; although general extortion laws do prohibit the payment of ransoms to terrorists.
Cyber insurance claims statistics relating to ransomware have been escalating sharply in the last two years with 40%-50% of insurance claims globally being related to ransomware attacks, according to Marsh (one of the biggest insurance brokers in the world).
Moody’s Cyber Risk Update For 2021
This week, credit rating service Moody’s released its 2021 outlook for cybersecurity report. The agency predicts that the “continued proliferation” of ransomware attacks will force insurers to re-examine their cyber insurance policies and coverage over the coming year. Moody’s predicts that as more claims are made, policies covering ransomware will surge in price.
Click the button below to read ABI’s original blog article.