In the coming days, insurance companies might reconsider their approach to funding ransomware payments, as a White House official has called for a mandatory directive on the matter.
This topic was raised at the 4th Annual International Counter Ransomware Initiative summit in the U.S., which brought together representatives from over 68 member nations to explore strategies for combating the growing ransomware threat.
Anne Neuberger, the National Security Advisor for Cyber and Emerging Technologies, advocated for insurance companies to stop covering ransomware payments. She argued that such coverage encourages victims to pay ransoms with the expectation of reimbursement, ultimately perpetuating the cycle of crime. This could lead to the same victims being targeted multiple times.
This potential shift could significantly impact cyber insurance providers. If insurance policies no longer cover ransom payments, many customers may reconsider purchasing new policies or renewing existing ones, especially if they’re paying high premiums without adequate protection.
However, Neuberger acknowledged that in scenarios where data or application recovery is impossible, paying the ransom might be the only viable option. Delaying such payments could result in irreparable damage to a business.
Back in November 2019, authorities issued warnings to Western businesses about the risks of paying ransoms, noting that it could incentivize criminal activity and did not guarantee access to a decryption key.
Despite this, law enforcement later clarified that payment should be considered only as a last resort when recovery options have been exhausted and a business is on the brink of collapse.
What are your thoughts on cyber insurance coverage for ransomware payments?
Vox Pop, Welcome!
Ad