Cyber attacks: parliamentary report proposes to ban insurers from covering ransoms

Posted on Oct 13, 2021, 7:17 PM. Updated Oct 13, 2021, 7:39 PM

New warning shot for business insurers. A parliamentary report published on Wednesday recommends banning insurers from paying for ransoms demanded by hackers from companies whose data they are taking hostage.

“The payment of ransoms feeds cybercrime and nothing guarantees that the ransom paid is a pledge of a return to the initial situation,” writes the deputy for the Loire, Valéria Faure-Muntian (LREM). “The payment even encourages cybercriminals to reoffend and encourages others to design cyber attacks.”

The deputy, an insurance specialist, also recommends in the same vein “to sanction companies, administrations or communities which proceed to the payment of ransoms”. This is one way, the report suggests, to draw the consequences of a US Treasury directive along the same lines. Dating from October 2020, that directive is said by some to have created “a postponement of criminals from the ‘American market’ to the ‘French market’”.

Explosion of ransomware attacks

These recommendations come as the number of attacks by malware that encrypts data – ransomware – quadrupled between 2019 and 2020, according to the National Information Systems Security Agency (Anssi).

The publication of the report, which insists on better prevention, comes at a time when the government has made cybersecurity one of its priorities. Bercy has launched a national consultation on cyber insurance, which is expected to lead to an “action plan” at the beginning of 2022.

Last spring, the head of Anssi sparked debate by denouncing the “troubled game” of certain insurers that encourage companies to pay ransoms. Shortly afterwards, deputy Valéria Faure-Muntian argued for a ban on this practice, citing the issue of terrorism financing.

Delicate subject

Anssi is calling for a “ban or at least a strict framework of the coverage of the payment of ransoms in cyber insurance policies”. The agency argues that cybercriminals “now target the files of insurers to then attack their customers and thus have increased guarantees of payment.”

For many insurers, however, the subject is delicate. They say that the survival of the company is sometimes at stake and that it has no other option than to pay. They also explain, among other things, that regulation would only make sense at the international level.
