Security News > 2020 > February > Cover for 'cyber' attacks is risky, complex and people don't trust us, moan insurers

EU companies aren't taking out insurance against attacks on online assets because the companies selling coverage aren't organised enough - while Brits are more likely to pay off ransomware crooks than others.

The "What is covered" argument was sharply highlighted by a number of high-profile court cases brought by insurance companies against their own customers, in efforts to evade paying out in the aftermath of cyber incidents.

Pascal Steichen of Luxembourg trade association Security Made in Luxembourg agreed: "I think that people are aware that this market is immature." But said insurers lashing out against their own customers was putting off clients: "I don't think they're afraid of the [sort of] clause that says 'in any case the insurance will not pay'" after a cyber attack.

Christophe Madec of French insurance broker Besse said, in translation: "In liability insurance damages, we know the price of a liability [for] car insurance. For cyber, it's a little bit more vague."

Later on, Rousseau observed: "British people would say it's more [important] to pay the ransom because you've got to pick your cause. If you can't deal with the subject in time, you won't be able to provide the sanctions which would be strong enough to counteract the benefit of insurance. Some other parts of the market would say 'No you should not pay the ransom'. Insurers have got different approaches."

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/03/cyber_insurance_fic2020/