Ransomware: why insurance against cyber attacks makes everything worse


Benedict Fuest

After a hacker attack, many companies quickly pay the required ransom. The reason for this often lies in their insurance contracts.

Source: Bloomberg/Chris Ratcliffe

Companies take out insurance against hacker attacks. Ransom payments are often included. But it is precisely these protection clauses that are increasingly becoming a problem.

On the morning of May 7, Joseph Blount, head of the Colonial pipeline company, received bad news from his control center in the US state of Georgia: the computers that control the most important pipeline for petroleum products along the entire US East Coast no longer run. Instead, the technicians find a ransom note on the hard drive: “Pay, or your computers stay down, and with them the pipeline.”

Colonial asks the FBI for help, and the US cyber security agency CISA is called in as well. But even the experts do not get the control center back online. On the night of May 7, Blount transfers $4.4 million to the extortionists in the form of 75 bitcoins.


A decision that should have been easy for him, because the pipeline was insured against cyber attacks. But that is part of the problem: ransom payments from insurers are like gasoline on a fire. Extortion malware, which encrypts the data on a victim’s computers and only restores it against payment, has become a business line of its own.

Hackers know that companies pay if they are insured. And that they pay quickly, so that they can get back to work as soon as possible. It has become known that Colonial had insured itself against cyber risks with the two insurers Axa and Beazley through the Lloyd’s of London insurance exchange.

Quick payment is rewarded

As has become known, the policies of the two providers also include a business interruption clause. The cost of the pipeline outage is likely to far exceed the ransom. From the insurer’s point of view, it is therefore logical to pay the ransom as quickly as possible and so at least limit the damage.

The Düsseldorf-based insurer Ergo also covers the cost of ransom payments in its policies. Systems are usually restored and running again very quickly once the ransom has been paid, and consequential costs can usually be reduced in this way.


But the attackers count on exactly that. Unwittingly, the insurance industry makes the crime more attractive to criminals: “The number of insurance claims and the costs associated with extortion software have increased in recent years,” says Christian Gründl, board member for Ergo’s commercial and industrial business.

“Attackers naturally have worthwhile targets in mind. High-revenue companies are more likely to be affected,” says Axa in Germany. Because they are usually well insured. But Axa does not want to rule out paying ransoms in Germany: “In Germany, too, ransom insurance is controversial. Strict regulations of the financial supervisory authority apply to it, which we of course comply with.” However, ransom insurance is “legally permissible. Currently no change in our underwriting behaviour for the German market has been decided.”


Axa is therefore following a different strategy in Germany than in its home country of France: there, the insurer has excluded the payment of cyber ransoms since early May, under pressure from prosecutors and the government at a round table with insurance companies in Paris.

But this pressure does not exist in Germany. The German Federal Office for Information Security (BSI) warns against paying ransoms. And the Federal Financial Supervisory Authority (BaFin), which is responsible for insurers, is also aware of the problem: combining ransom insurance with other insurance policies is prohibited in Germany, so as not to make kidnappings attractive.

The protection clause may not be made public

But there has been an exception for cyber insurance since 2017: such policies may contain a ransom protection clause, but this may not be made public. Experts doubt that this confidentiality clause will deter well-informed hackers from attacking in Germany.

“Ransomware is everywhere now,” says Mikko Hypponen, head of research at the Finnish IT security provider F-Secure. He warns: “Insurers should change their clauses. Otherwise they make the problem worse.”


But at least in Germany, payment is still permitted. “What is more questionable is how long cyber insurance with a business interruption clause can remain economically viable in view of the incentive problem,” comments a regulatory expert at a large German insurance company. “The premiums simply won’t cover that in the long run.”
