Over the past two years, security analysts have been discussing the impact of cyber insurance on ransomware attacks. There have been claims that companies covered by cyber insurance end up paying higher amounts to hackers who launch such attacks. Tech platforms like Quora and Reddit have even allowed discussions on which cyber insurance covers attract the most criminals, adding fuel to the debate.
To address these concerns and put an end to speculative discussions, the National Cyber Security Centre (NCSC) partnered with the Research Institute for Sociotechnical Cyber Security to conduct a comprehensive study. The aim was to investigate whether having insurance coverage influences cyber criminals to demand more from their victims and whether insurance companies secretly pay commissions to these criminals for demanding higher ransoms.
After meticulous research and analysis, the joint report from NCSC and the Research Institute revealed that there is no “compelling evidence” suggesting that ransomware attack victims with cyber insurance end up paying more than those without any insurance coverage. The findings indicated that being covered by a cyber insurance policy did not significantly impact the ransom amounts paid by the victims.
Furthermore, the evidence collected during the study did not indicate any suspicious collaboration between insurance companies and ransomware spreading criminals. There were no indications that these companies incentivize or encourage hackers to demand higher ransoms from insured victims to maximize their own benefits.
In response to the growing concern over ransomware threats, British officials from Whitehall have initiated discussions on a Counter Ransomware initiative. They recognize that various government departments face acute digital threats and are actively seeking measures to combat cybercrime. The British Parliament, in collaboration with the NCSC and other government partners, is working to implement effective strategies to counter this rising cyber threat, which poses significant challenges to businesses and organizations operating in the country.
While concrete actions are being taken to address the issue, it remains crucial to safeguard IT assets from file encrypting malware threats. Additionally, efforts must be made to ensure that insurance firms do not engage in any collusion with criminals, ensuring a more secure and resilient cybersecurity landscape for businesses and individuals alike.
