Cyber insurance was created to protect companies from the financial consequences of a cyberattack, including the expenses of addressing the issues.
However, critics claim that insurance enables ransomware victims to simply pay the ransom, since the money will be reimbursed by the insurers, instead of having proper cybersecurity to discourage hackers.
Law enforcement officials stress that while paying a ransom to a cybercriminal is not illegal, it will provide the hacking groups with finances to conduct additional operations. Insurers say that the decision on a ransom payment rests with the client, not the insurer.
The Royal United Services Institute (RUSI) produced a research paper on the challenges of cybersecurity and cyber insurance. It said that the practice is not sustainable for the cyber insurance sector and that it encourages cybercriminals.
RUSI stated that for certain insurers, ransomware is an emerging challenge. Cyber insurers could be inadvertently enabling cybercriminal behavior by adding to the rise of targeted ransomware attacks.
Cyber insurance has so far failed to meet the expectation that it might be used to improve companies’ cybersecurity policies.
A company’s refusal to pay a ransom can result in system downtime. In addition, the company will face high expenses from trying to rebuild its networks from the ground up.
RUSI said that several victims and their insurers will decide to pay the ransom because it is the cheapest solution for recovering systems. Therefore, cyber insurance does not appear to be contributing to the strengthening of cybersecurity at this time.
Lindy Cameron, CEO of the National Cyber Security Centre (NCSC), stated that ransomware is among the most serious cyber risks that companies currently face. Cyberattacks are getting more complicated, and cybercriminals are demanding higher ransoms.
According to the research, respondents from industry, companies, and government generally stated that cyber insurance’s advantages for cybersecurity have yet to manifest completely.