UK Insurers Defend Covering Ransomware Payments

Insurance providers in the United Kingdom have defended the inclusion of ransomware payments in first-party cyber-insurance policies.

Cyber-risk insurance covers the cost of restoring loss to business income or reputation caused by damage to computers and computer networks.

The Association of British Insurers (ABI) said that while insurance was "not an alternative" to taking appropriate action to minimize risk, firms could suffer financial ruin without cyber coverage. 

The ABI comments were made in response to a warning issued earlier this week by the UK's former National Cyber Security Centre director Professor Ciaran Martin. Speaking to The Guardian, Martin said that insurers who pay out claims from companies who have paid ransoms to cyber-attackers to regain access to systems and data are funding organized crime. 

Martin, who stepped down from his position as Britain's top cybersecurity official last August, expressed concern that ransomware attacks were "close to getting out of control."

Extortion laws in the UK prohibit the payment of ransoms to terrorists; however, no legal barriers are in place to stop companies from paying ransomware gangs to retrieve exfiltrated data and system access following a cyber-attack. 

“People are paying bitcoin to criminals and claiming back cash. I see this as so avoidable," said Martin. 

"At the moment, companies have incentives to pay ransoms to make sure this all goes away. You have to look seriously about changing the law on insurance and banning these payments, or at the very least, having a major ..

Support the originator by clicking the read the rest link below.