As reported by Reuters, cyber insurers and other financial institutions that facilitate payments to hackers to end cyberattacks risk running afoul of sanctions rules, the U.S. Treasury Department warned on Thursday.
The warnings, which referenced malicious programs known as ransomware, came in advisories from Treasury’s Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN).
Using cyber insurance as a quick and easy get-out-of-jail-free card to avoid ransomware is not the way we are going to win the fight against cybercrime. In fact, this sort of action actually encourages the criminal behaviour to continue and those at risk will never learn. If insurers continue to pay, demands will simply go up.
Insurance works well for a car or a home, but that’s because they are replaceable with no knock-on effect. Losing access to data can be damaging to everyone involved directly and indirectly. I cannot see cyber insurance working in the future in its current state. It indirectly funds cybercriminals to pursue their attacks further and it can leave companies feeling invincible.
I do feel for those stuck between a rock and a hard place, but we must act now to help reduce the ongoing battle between the industry and these persistent threats.