Ransomware insurance is becoming more commonplace in the UK as a means of protecting against the financial impact of an attack, but concerns have been raised in some quarters.
As per a BBC report, the Association of British Insurers (ABI) has defended the concept, highlighting the value in being able to cover the costs of the ransom payment.
However, there are multiple problems with this approach, experts have claimed:
- It could mean businesses won’t do enough to protect their data in the first place
- It could fund organized crime
The idea that this approach could fund organized crime was brought up by Professor Ciaran Martin, former head of the National Cyber Security Centre, who argued that the UK needs to rethink its policies on ransomware.
“I have some sympathy with insurers, because as long as it’s legal, there are incentives to pay,” he said. “It’s worth a serious piece of consultation because if we continue as we are, things will get worse.”
Martin added that this doesn’t mean that paying the ransom should be banned, as that would probably not solve the problem either.
Commenting on the issue, a spokesperson for the ABI said insurers do require businesses to take “reasonable precautions” to make sure they aren’t an easy target.