Security News > 2021 > July > Cyber insurance model is broken and ransomware payments should be banned, says think tank
Cyber insurance isn't exactly driving organisations to improve their infosec practices, a think-tank has warned - and some insurers are thinking of giving up thanks to the impact of ransomware.
"To date, the shortcomings of cyber insurance mean that its impact is ultimately more limited than policymakers and businesses might hope," concluded the Royal United Services Institute's latest report, Cyber Insurance and the Cyber Security Challenge.
"I think, based on what we've found, cyber insurance is not that silver bullet that maybe people were hoping or thought it was," report co-author Jason Nurse, a senior Lecturer in cyber security at the University of Kent told The Register.
In a world beset by all-but-untouchable ransomware gangs, cyber insurance has two selling points as far as politicians and political policymakers are concerned: insurance could help limit the financial damage to organisations hit by ransomware, while due diligence by insurers and their brokers could help force relative slackers to adopt better security hygiene.
The British government's view is that cyber insurance that pays ransoms to criminals is, as the National Cyber Security Centre put it last year, a matter for individual board members.
Although The Register asked whether it would condemn the use of cyber insurance to pay ransoms, the GCHQ offshoot wouldn't be drawn.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/07/01/rusi_cyber_insurance_report/
Related news
- A Cyber Insurance Backstop (source)
- IT leaders think immutable data storage is an insurance policy against ransomware (source)
- Avoid high cyber insurance costs by improving Active Directory security (source)
- Cyber Insurance Policy (source)
- Ransomware group maturity should influence ransom payment decision (source)