Given the ambiguous approach taken by many governments on this issue, AXA’s disappointment with the lack of regulatory clarity is understandable.In the United States, the authorities discourage but not completely prohibit the payment of ransoms, even though the Treasury Department issued a report in October last year. note It warned that it may be illegal to pay a ransom to a sanctioned organization or individual. However, in many ways, this proposal only adds to confusion, because it is often not immediately clear who is supporting the cyber attack or may receive a specific ransom.
Ciaran Martin, a professor of practice at the University of Oxford and former CEO of the UK’s National Cyber Security Centre, said that on a global scale, this is “an area without laws.” “There is no evidence that countries are moving in the direction of telling insurance companies not to pay ransoms,” Martin said. “France has a tradition of informally conveying information to large companies, and this sounds likely to happen in the case of AXA.”
Regulators are not the only ones worried about insurance companies paying ransoms. Operators are also concerned about the number and scale of claims related to ransomware. According to Matthew McCabe, a senior consultant with global insurance broker Marsh, the increase in claims has led to a significant increase in the premiums and deductibles of online insurance policies.This week, meat processing company JBS confirmed that it has Paid a ransom of $11 million; According to reports, some recent ransomware needs Up to $50 million.
McCabe and others in the insurance industry are skeptical about whether prohibiting ransom payments will necessarily reduce the prevalence of ransomware. They worry that, on the contrary, the ban may mean that insurance companies will have to pay more claims for business interruption and data recovery services.
“If you prohibit payment of ransoms, what does it actually look like? Tarah Wheeler, a cybersecurity researcher at the Belfer Science Center at Harvard Kennedy School, said, because if it looks like paying a company to a ransomware gang A 10% fine of the payment does not mean that it is illegal, but only increases the payment amount and international affairs.
McCabe also suggested that prohibiting insurance companies from paying ransoms may make it more difficult to require their customers to take preventive security measures. He believes that insurance companies are in a good position to encourage companies to strengthen their defenses, although there is little evidence that this works in practice. It is also unclear that insurance companies are unwilling to pay ransoms on behalf of their policyholders in every case. “Companies are more willing to pay a ransom of several million, rather than a ransom of tens of millions, because the data guaranteed by their insurance policy is lost,” Say Guillaume Poupard, director of the French cybersecurity agency ANSSI, prompted AXA to make a decision at the roundtable. “We have to do a lot of work to break this vicious circle around paying ransoms.”
However, although the issue of ransomware payment ultimately depends on the regulator, the government is basically unwilling to do this work. “Unless the government decides to prohibit the payment of ransoms, insurance companies will be in a dilemma of having to formulate quasi-public policies,” Martin said, adding that although he would “cautiously welcome AXA’s decision”, “insurers should not be left alone Decide” to formulate public policies. “
Member of the Institute of Security Technology Ransomware Working Group Martin was divided earlier this year over whether paying the ransom should be illegal, and some participants expressed concern that such a decision would basically “criminal the victim.”
McCabe is skeptical of the idea of operator management about the excessive or unpredictable risks of ransomware, even if it continues to grow. “I think the insurance company hasn’t given up on it, or the risk is out of control, but it must have caused losses in the past year and beyond,” McCabe said.It continues to cause very direct losses to AXA. Its Asian aid department is Attacked by ransomware Just a few weeks after it decided to suspend payment of ransom in France. It is not clear whether this attack is related to the company’s earlier announcement, but it once again reminds people that many insurance companies still lack sufficient capabilities in protecting their systems from ransomware — let alone instructing them. How did the policyholders do this.
More exciting connected stories