Insurers defend covering ransomware payments

| Author: Secretariat | Filed under: General News
Insurers defend covering ransomware payments

The Association of British Insurers (ABI) has defended the inclusion of ransomware payments in first-party cyber-insurance policies.

It said insurance was "not an alternative" to doing everything possible to first minimise the risk.

However, it added that firms could face financial ruin without the cover.

Prof Ciaran Martin, former head of the National Cyber Security Centre, said the UK needed to rethink its policies on ransomware.

'Funding organised crime'

Ransomware is a form of malware in which infected computers are remotely locked by cyber-criminals, who then demand a ransom, often in the form of Bitcoin, to unlock them and return the data they hold.

There are many examples of businesses and public bodies which have chosen to pay because they do not have the data backed up, or cannot afford - or do not have time - to rebuild their systems from scratch.

The Guardian reported that Prof Martin, now at Oxford University's Blavatnik School of Government, said he believed insurers were "funding organised crime" by accepting ransomware claims, but he told the BBC the issue of how to tackle ransomware was far broader than just the insurance sector.

While official advice is not to pay the demand, it is not illegal to do so in the UK, he said.

"I have some sympathy with insurers, because as long as it's legal, there are incentives to pay."

While the ransom demand may be high, the alternative impact can also be devastating.

When the global aluminium producer Norsk Hydro was attacked in 2019, it cost the firm around £45m, and its profits in the immediate aftermath plummeted by 82%, reported Reuters.

Norsk Hydro refused to pay the demand, which would arguably have been cheaper - but it did have insurance.

A spokesman for the ABI said insurers do require that "reasonable precautions" are taken to prevent cyber-attacks from succeeding in the first place, just as cars and houses require security measures in place to deter thieves.

"Some might argue that any insurance that covers against a criminal act could lull the policyholder into a false sense of security," he said.

Prof Martin said he did not think that banning ransomware insurance claims would necessarily solve the problem.

"But it's worth a serious piece of consultation because if we continue as we are, things will get worse," he said.

Source:  BBC News

Working with the Law Society

The ABI is the only association in this industry to be recognised by the Law Society of England and Wales, and included in the Law Society of Scotland's approved Supplier Scheme.

The highest independent professional bodies for solicitors put their trust in us. We’re confident you can do the same.

The ABI other partners also recognise the value of affiliation to the principal professional body in the investigation and litigation support sector:

COURTSDESK SEARCHER is an on-demand search for court cases, or parties involved in court cases, in England and Wales and the Republic of Ireland.
Scotland Law Society logo
Professional Indemnity Insurance
Thank you, your message has been sent.
A member of our team will be in touch shortly.