Cyber cover 'encourages vicious cycle' of attacks, DR specialist suggests

Cyber insurance policies that pay out on ransomware attacks are funding cyber criminals and creating a vicious cycle of further attacks, according to disaster recovery specialists at Databarracks.

The company is urging insurers to change their approach to “one of remediation rather than paying out ransoms”.

Managing director Peter Groucutt said paying a ransom may be a quick fix, but it is empowering hackers, and that discouraging organisations from paying is the only way to break the cycle.

“The ransomware situation won’t change if the status quo remains: the only winners are the criminals and the insurance companies. Criminals are confident their methods will succeed, and will continue to carry out attacks. Ultimately, businesses will be better off if they are discouraged from going down the payment route," he suggests.

“When an individual business suffers from a ransomware attack, its sole concern is to recover as quickly as possible to minimise its downtime and losses. When an insurance company looks at an individual claim, it has the same objective: to minimise downtime and its exposure to further business interruption claims. As a result, insurance companies will even recommend and facilitate paying the ransom as the lowest cost option. This is individual self-interest and it is harming the collective.

“Instead, insurance companies should shift to a policy where they don’t pay out for ransomware attacks as a matter of course. This can happen in two ways: one is through regulation to prevent these pay-outs, as has been suggested. Alternatively, the insurance industry makes a collective decision to make this change without external intervention.

“Cyber is a relatively immature insurance market without historical loss data to guide it. The rapid increase in the number and value of attacks may show insurers that continuing this cycle will make it unprofitable."

Groucutt has some additional pointers for insurers looking to tackle the ransomware issue.

“Firstly, as with other types of cover, insurance companies must carry out cyber hygiene checks on customers before entering an agreement. For smaller organisations that could mean having the Cyber Essentials Certification, or for larger organisations, a more thorough assessment of its cyber defences and backup and recovery provisions," he added.

“Secondly, insurers should rework their approach when an incident does happen. Rather than paying out to cover the cost of a ransom, they should emphasise remediation, so fixing the problem by helping the customer with cyber incident response, IT forensic services and assistance to restore data and get operations back up and running.”

    Share Story:

Recent Stories

Are property insurers ready for timber
The Structural Timber Association is gearing up to help all stakeholders in the construction supply chain to fully appreciate the advantages of building in timber, how to deliver such projects and most importantly to understand and manage the risks.

The changing face of BC and WAR
The working environment has changed quite dramatically for many over the last six months. With social distancing and the rise of homeworking, it is not just how businesses operate that has changed, but also how they recover. In this podcast we discuss some of the challenges created by the quick shift to home working, why the office may not have seen its last days and how the current environment can impact the ability of a business to recover.