Insurers may no longer cover ransomware

For some time now, insurance companies have been singled out.

Especially because of a remark about their tendency to pay the ranks are demanded by hackers during ransomware attacks. According to several authorities, in particular the National Information System Security Agency and the Paris prosecutor's office, this behavior encourages the increase in computer attacks. Faced with mounting criticism, the insurance company AXA France is the first insurer to suspend this option from its insurance policy.

In practice, there is no denying that since 2020, hackers who operate on ransomware have literally taken their ease and multiplied their operations. All layers and sectors are affected by the proliferation of ransom programs. In 2021 the trend remains constant.

This article will also interest you: Should we be wary of Cyber insurance

In a study carried out by opinion way, on behalf of the club of computer security experts, 19% of French companies, i.e. one in five companies, reported being the victim of a ransomware attack in 2020. 57% of businesses admitted to having experienced computer attacks of any kind.

According to another study conducted by the insurance company Hiscox on the security of small and medium-sized enterprises and very small businesses, 2 out of 3 companies generally agree to pay the ransom demanded by hackers to have the decryption keys necessary to unlock their computer systems or files. While more studies are needed to confirm these figures, the reality is not that far from that.

To protect businesses in a certain way, insurers have provided options to guarantee against the risk of computer attacks with ransomware. In other words, if the business is attacked or a ransom is demanded, it will be refunded at the limit that has been set by the franchise. The problem is that paying hackers seems to be a way to motivate them to continue. Especially when companies find that they have nothing to lose because she is paying herself back.

It is in this context that during the senate hearing a few weeks ago, the National Agency for Security of Information Systems and the Paris prosecutor's office pointed the finger at this practice of insurers they urged them to stop it.

In this regard AXA then decides to suspend its guarantee, a guarantee "including the refund of the ransom and the associated support service (is suspended) pending clarification of the regulatory plan of this type of coverage," EXPLAINs AXA France in a letter sent to its broker partners.

"The repayment of ransoms has become a topic of place for cyber-insurance. In this context, AXA France, which had completed its range of an option in this regard, considered it appropriate to suspend its commercialization until the consequences were drawn from these analyses and the insurance intervention framework was clarified. It is essential that the government implements its position on this issue in order to allow all market players to harmonize their practices," stresses the insurer.

But the reality is clear on the side of the Paris prosecutor's office and the National Information Systems Security Agency. "France is now one of the most attacked countries in terms of ransomware (…) because we pay ransoms too easily," says Johanna Brousse, deputy prosecutor in charge of the cybercrime section of the Paris prosecutor's office. She does not hesitate to denounce these contracts which "guarantee the payment of ransoms" because "paying ransoms penalizes everyone. This encourages hackers to attack our economic fabric more easily because they say to themselves: 'the French pay anyway'.

Now access an unlimited number of passwords:

Check out our hacking software