Following the news that in an apparent industry first, the global insurance company AXA says it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to cybercriminals, please see below for comments from cybersecurity experts.
<p style=\"font-weight: 400;\">Cyber insurance can offset the risk posed by cyber-attacks and is intended to offer organisations reassurance that the costs of a breach will be picked up.</p> <p> </p> <p style=\"font-weight: 400;\">However, it\’s very hard to count the true cost of a breach. If a company’s private data is hacked and leaked, it suffers an immediate financial hit which can be mitigated by insurance. But the long-term reputational damage is almost impossible to estimate. Lose your customers’ trust once and you may never get it back.</p> <p> </p> <p style=\"font-weight: 400;\">By refusing to pay out claims for extortion payments, AXA is taking a hard stance. But this approach is unlikely to deter ransomware gangs. Faced with extortion, many organisations will opt to pay the ransom rather than risk reputational and financial damage. That\’s not going to change.</p> <p style=\"font-weight: 400;\">Hackers will continue to use ransomware to target their victims for as long as it is profitable, so something radical needs to happen in order to break this cycle.</p>
<p style=\"font-weight: 400;\">We need to make it more difficult for cybercriminals, especially ransomware criminals, from being successful and AXA has made a significant step in the right direction. In the past year, I have seen an increase in ransomware victims, whether it being a business that lost an entire year’s worth of digital data or citizens who lost their entire digital life, so we must do what we can to reduce the success of ransomware. In recent years we have seen cyber insurance on the rise, with some insurance companies even negotiating with the cybercriminals for a discount, however, this is just making ransomware crime more lucrative and successful for the criminals. </p> <p> </p> <p style=\"font-weight: 400;\">We must educate companies and citizens on how to reduce the risks and become more resilient so that paying a ransom is not even an option to consider. AXA Insurance has taken a step in the right direction in France by refusing to write cyber-insurance policies that would reimburse victims who fund future crime through ransomware payments. It is also important to note that the recent cyber research by <a href=\"https://thycotic.com/resources/cyberedge-2021-cyberthreat-defense-report/\" data-saferedirecturl=\"https://www.google.com/url?q=https://thycotic.com/resources/cyberedge-2021-cyberthreat-defense-report/&source=gmail&ust=1620739119781000&usg=AFQjCNFf2imytKf0CqlfQn_w4wn040tLCg\">CyberEdge</a> showed that most victims who pay the ransom are unsuccessful in getting their data recovered.</p>