One of the benefits of cyber insurance, in case the insured is hit by a ransomware attack, is covering the payment of the ransom. Because of this, some critics have accused insurers of creating a market for ransomware, making it a profitable venture for cyber criminals.
Steve Robinson, US national cyber practice leader at RPS, disagrees with those allegations.
Robinson, in a recent IB Talk podcast, said he believes that cyber insurers are “at the forefront” of pushing information security and improved digital hygiene for businesses.
“I think insurers are leading the push through more stringent underwriting and through the process of their ransomware supplemental applications,” Robinson said. “I think the focus has been much more on prevention.”
Robinson also said that the presence of cyber insurance has been the difference between a company remaining in business and going under.
“If you ask a business who has been a victim of a cyber attack … because they had a cyber insurance policy, they still have a business,” he said. “That’s what insurance is for.”
Robinson said that insurers, working together with brokers and insureds, are raising the overall level of information security preparedness, which is for the benefit of everyone. Thus, insurers are not to be blamed for the uptick in ransomware attacks.
“The uptick is happening because [businesses] are easy targets in many cases,” he said. “Many businesses and organisations haven’t taken the proper measures to secure their networks from attack. Like any crime, the bad guys are looking for the easiest targets, the quickest payout and the least likelihood of being caught.”