
While Ransomware Is Booming, Insurance Companies Continue to Pay


AXA’s frustration at the lack of regulatory clarity is understandable given the ambiguous approaches many governments have taken on the issue. In the United States, authorities have not completely banned the payment of ransoms, even though the Treasury Department released a notice last October warning that some ransom payments may be illegal if they are made to sanctioned organizations or individuals. In many ways, however, this advice exacerbates the confusion, as it is often not immediately clear who is behind a cyberattack or who may receive a certain ransom payment.

Ciaran Martin, an intern at Oxford University and former director general of the UK’s National Cyber Security Centre, says it is a “lawless area” worldwide. “There is still no evidence that the country is on its way to telling insurance companies not to pay bailouts,” Martin says. “France has a habit of conveying messages informally to large corporations, which seems to be the case,” in the case of AXA.

Regulators are not the only ones responsible for paying for insurance. Carriers are also concerned about the number and size of claims related to ransomware. Matthew McCabe, chief adviser to global insurance broker Marsh, said that the rise in claims has significantly increased cyber insurance policy premiums and deductibles. This week the meat processing company JBS confirmed that it paid an $11 million ransom; there seem to be some recent ransomware demands of $50 million.

McCabe and others in the insurance industry are skeptical that banning ransom payments would necessarily reduce the prevalence of ransoms. They fear, instead, that a ban would require insurers to pay more claims for business interruption and data restoration services.

“If you ban the payment of ransoms, what is it like? Because companies seem to be fined 10% of what they paid to the ransomware gang, which doesn’t make it illegal, it’s just a bonus to the payment,” said Tarah Wheeler, a cybersecurity member of the Belfer Center for Science and International Affairs at Harvard Kennedy School.

McCabe also suggests that a ban on insurers covering ransom payments may make it harder to ask customers to take precautionary security measures. Insurance carriers argue that they are well positioned to encourage companies to improve their defenses, although there are few indications that this has worked in practice. It is not clear in all cases that insurers prefer not to pay ransoms on behalf of their policyholders. “Companies would rather pay millions in ransoms than pay tens of millions for the loss of data covered by the insurance policy taken out,” said Guillaume Poupard, director of the French cybersecurity agency ANSSI, at the round table that pushed the AXA decision. “We have a lot of work to do to break the vicious circle around paying rescues.”

But while the question of whether to pay the ransom will eventually be in the hands of regulators, governments have not been willing to do that work. “Unless governments decide to ban bailout payments, insurers are in a difficult position to invent an almost public policy,” says Martin, and while “AXA’s decision would be prudently welcomed,” it should not be left to the public to make insurance policies public.

When members of the Institute for Security and Technology’s Ransomware Task Force were asked earlier in the year whether the payment of ransoms should be illegal, several participants expressed concern that the decision would essentially “criminalize victimization.”

McCabe is skeptical that ransomware is too risky or unpredictable for carriers to handle, even though it continues to grow. “I don’t think insurance has waived it yet, or the risk can’t be managed, but it has taken its toll in the last year and since,” McCabe said. AXA’s own toll has been very direct: its Asia Assistance division was hit by a ransomware attack in France a few weeks after the decision to cancel the payment coverage. It’s unclear whether the attack is linked to the company’s earlier announcement, but it’s another reminder that many insurers are still poorly equipped to protect their systems from ransomware, let alone explain to their policyholders how to do so.

