Cyber insurance model is broken, consider banning ransomware payments, says think tank
Cyber insurance isn't exactly driving organisations to improve their infosec practices, a think-tank has warned - and some insurers are thinking of giving up thanks to the impact of ransomware.
"To date, the shortcomings of cyber insurance mean that its impact is ultimately more limited than policymakers and businesses might hope," concluded the Royal United Services Institute's latest report, Cyber Insurance and the Cyber Security Challenge.
"I think, based on what we've found, cyber insurance is not that silver bullet that maybe people were hoping or thought it was," report co-author Jason Nurse, a senior lecturer in cyber security at the University of Kent, told The Register.
In a world beset by all-but-untouchable ransomware gangs, cyber insurance has two selling points as far as politicians and political policymakers are concerned: insurance could help limit the financial damage to organisations hit by ransomware, while due diligence by insurers and their brokers could help force relative slackers to adopt better security hygiene.
The British government's view is that cyber insurance that pays ransoms to criminals is, as the National Cyber Security Centre put it last year, a matter for individual board members.
Although The Register asked whether it would condemn the use of cyber insurance to pay ransoms, the GCHQ offshoot wouldn't be drawn.