Posted Sep 30, 2022, 7:51 AM
Has the Ministry of the Economy opened Pandora’s box? In its recent report for the development of cyber insurance, the Treasury notes the possibility for insurers to compensate companies that pay ransoms for cyberattacks, provided that the victim company files a complaint. This green light follows that of the Ministry of the Interior, in its orientation and programming bill.
“This announcement provokes strong reactions in the community of cybersecurity professionals, and raises many questions”, reacts the Club of experts in information and digital security (CESIN). The association, which brings together 800 professionals from the world of industry, services and finance, fears a spiraling phenomenon. Last week, 82% of members (out of 249 respondents) voted against Bercy’s proposal in an online survey. Only 9% were in favor and the rest had no opinion.
Side effects
The CESIN points to several undesirable effects of the measure: “the risk of encouraging cybercrime, the pressure that insurers could exert on their customers to pay the ransom if it turns out to be lower than the costs of remediation, the increased risks of recurrence for the company […], the spread of unscrupulous intermediaries to negotiate with criminals, etc. “.
Amrae, the French Association of Risk Managers for Large Companies, also recommends that its members not pay digital hackers. She also fears that insurers do not provide technical support or do not compensate the operating losses of a company that decides not to pay the requested ransom.
Bercy does not minimize the risks, but considers that the possibility of compensating the payment of ransoms constitutes “a point of balance between the desire not to finance the ecosystem of cyberattackers and that of avoiding the death of SMEs and VSEs affected. by an attack. The practice is not illegal in France. Several insurers, including AXA France and Generali, had nevertheless waived this pending clarification from the authorities.
Cyberwar
The issue of ransoms is not the only point of tension around digital risks. CESIN has questions about compensation for attacks of state origin, for which it is difficult to name the assailant.
The public authorities consider that it is “premature” to settle the question of the insurability of claims that could be caused by a cyberwar. The Treasury report recommends the creation of a “dedicated working group” on this subject, alongside other measures intended to boost the cyber insurance market, which is still embryonic.
What benchmarks in a constantly changing world?
Political uncertainties, scientific innovations, war in Ukraine, energy and ecological transition… How to understand these changes? How to position yourself? Every day, the 200 journalists from the “Echos” editorial staff help you decipher economic, political and international news through surveys, analyses, press reviews, chronicles and editorials. Our subscribers know that they can rely on these resources to better navigate our complex environment and make the best strategic decisions.