French insurance company AXA has announced that, at the request of the French government, it will end cyber insurance policies in France that pay ransomware victims the ransom money paid to cyber criminals. AXA is one of the top five insurers in Europe and made this decision because ransomware attacks are a daily occurrence for businesses around the world.
The changes will only apply in France for now, after top French government cybersecurity experts and French senators raised concerns about massive payouts to cybercriminals at a roundtable in Paris in April. But also in Great Britain and the US, many politicians and pundits are already calling for ransomware insurance to be banned.
It was not until late April that the US government and international industry representatives decided Bitcoin Regulation urged to combat ransomware as hackers prefer to use cryptocurrencies as payment in their extortion attempts.
The company is responding to concerns raised by French cybersecurity and judicial officials during a Senate roundtable in Paris. According to ABC News, it was discussed here how to react to the devastating effects of ransomware attacks in France. According to the cybersecurity company Emsisoft, the damage caused by cybercrime in France last year amounted to 4.5 billion euros.
Other insurers could follow this step and extend their measures to other countries such as Germany, since ransomware attacks are a global phenomenon that knows no borders. Like the regulation of Bitcoin, this measure is also intended to curb the income of cybercriminals, who are now in average €250,000 for extortion.
“It is completely understandable that targeted businesses take the quickest and easiest route by paying the extortionists and having their insurance company reimburse these sums of money. After all, the attack represents an existential threat to their business,” says Eric Waltert, regional vice president of DACH at Veritas. “However, there are no guarantees or legal claims against criminals that companies will recover all your data or that hackers will not keep copies of important files for later action. Now the first major insurance company has made it clear that it will not reimburse such payments. This is another important reason for companies to protect their data rather than simply secure it.”
Waltert recommends that all customers rely on a consolidated platform for backup and recovery. In this way, companies can significantly reduce the risk of data loss and attacks on the entire infrastructure.