Bercy has published a report online stating that cyber insurance can reimburse the ransoms demanded in cyberattacks. A surprising and disappointing decision!
If a company is the victim of ransomware, has to pay a ransom to (perhaps) recover its data, and files a complaint, the Ministry of the Economy authorizes that company's cyber insurance to reimburse the ransom as compensation. I insist on the fact that Bercy proposes to “condition the compensation of cyber-ransom insurance on the filing of a complaint by the victim”. The fact that there is a complaint will strengthen support for the victim company, and will also make the attack known.
This decision will make a lot of noise, because it goes against the opinion of ANSSI and various cybersecurity experts. Their position is understandable: paying ransoms encourages cybercriminals to continue and helps finance their malicious activities. Surprisingly, Bercy's report itself contains a paragraph that refers to the ANSSI recommendations found in the guide “Ransomware attacks, everyone concerned”: “Payment does not guarantee obtaining a means of decryption, encourages cybercriminals to continue their activities, maintains this fraudulent system, is likely to contribute to the financing of terrorism”.
Beyond financing the activities of cybercriminals, this decision will also help insurance companies, since businesses will probably take out a contract of this type in order to be compensated in the event of a cyberattack. However, this potential compensation can look like a safety net to businesses, which may act as a brake on investments in cybersecurity.
Personally, I think that companies should first invest to improve the security of their information system and educate their employees, before relying on insurance. Compensation in the event of an attack is one thing, but money will not allow the company to redeem its reputation, and in the end, it will also have to review its information system in order to secure it. And then, cybercriminals are not stupid: if you pay the ransom once, they will want to come knocking on your door with a second attack to make you pay a second time.
The report is available here. Do not hesitate to share your opinion on this decision.