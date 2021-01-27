Infosecurity Group Websites
Latest
News

UK Insurers Defend Covering Ransomware Payments

Insurance providers in the United Kingdom have defended the inclusion of ransomware payments in first-party cyber-insurance policies.

Cyber-risk insurance covers the cost of restoring loss to business income or reputation caused by damage to computers and computer networks.

The Association of British Insurers (ABI) said that while insurance was "not an alternative" to taking appropriate action to minimize risk, firms could suffer financial ruin without cyber coverage. 

The ABI comments were made in response to a warning issued earlier this week by the UK's former National Cyber Security Centre director Professor Ciaran Martin. Speaking to The Guardian, Martin said that insurers who pay out claims from companies who have paid ransoms to cyber-attackers to regain access to systems and data are funding organized crime. 

Martin, who stepped down from his position as Britain's top cybersecurity official last August, expressed concern that ransomware attacks were "close to getting out of control."

Extortion laws in the UK prohibit the payment of ransoms to terrorists; however, no legal barriers are in place to stop companies from paying ransomware gangs to retrieve exfiltrated data and system access following a cyber-attack. 

“People are paying bitcoin to criminals and claiming back cash. I see this as so avoidable," said Martin. 

"At the moment, companies have incentives to pay ransoms to make sure this all goes away. You have to look seriously about changing the law on insurance and banning these payments, or at the very least, having a major consultation with the industry."

He added: “The law is nobody’s fault, it was written for another purpose, but it has become OK to pay out to criminals."

An ABI spokesperson told the BBC that insurers do require customers to take "reasonable precautions" to prevent cyber-attacks from occurring. 

"Some might argue that any insurance that covers against a criminal act could lull the policyholder into a false sense of security," they said.

Martin, who now works at Oxford University's Blavatnik School of Government, told the BBC: "I have some sympathy with insurers, because as long as it's legal, there are incentives to pay."

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Deloitte Acquires Root9B

2
News

Trump Sex Scandal Video Is a RAT

3
News

Misconfigured Cloud Server Exposes 66,000 Gamers

4
News

Cook County Leaks 320,000 Court Records

5
News

Russian Government Agency Warns Firms of US Attack

6
News

Mastercard Introduces Quantum-Resistant Specs to Enhance Contactless Security

1
News

#RSAC365: #COVID19 Fundamentally Altered Global Attack Surface

2
News

#RSAC365: Will Recent Treasury Guidance Reduce Ransomware Payments in the US?

3
News

UK Insurers Defend Covering Ransomware Payments

4
News

Grindr Faces $11.7m Data Privacy Fine

5
News

Global Public-Private Partnerships Key to Fighting Cybercrime

6
News

Growing Digital Adoption Providing Extra Opportunities for Cyber-Criminals

1
Webinar

FTP, FTPS & SFTP: Which Protocol Should You Use, and When?

2
Webinar

Fulfilling Network Security Requirements and Business Needs

3
Webinar

The Top Five Security Metrics

4
Webinar

How to Secure the Most Vital Data Channel in Your Organization: File Transfers

5
Webinar

2021: The Year Zero Trust Overtakes VPN?

6
Webinar

Becoming a Next-Gen CISO: Leading from the Front

1
News Feature

The Growing Threat of #COVID19 Vaccine Phishing Scams

2
Blog

Taking the First Steps Toward Self-Repairing Endpoints

3
Opinion

Privacy Post-COVID: Predictions for 2021

4
Opinion

#HowTo: Build a Business Case for Cybersecurity Investment

5
Webinar

2021: The Year Zero Trust Overtakes VPN?