cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Cyber insurers are key to solving persistent ransomware threat

The importance of private insurers, in collaboration with governments, is key in boosting society’s resilience to ransomware, according to Geneva Association’s latest report.

user iconReporter
Thu, 21 Jul 2022
Cyber insurers are key to solving persistent ransomware threat
expand image

Governments should do more to counter ransomware attacks, the Geneva Association has urged. Their report, titled Ransomware: An insurance market perspective, listed disrupting cyber criminal business models, fighting illicit use of cryptocurrencies, promoting cyber hygiene throughout business and society as the major areas that need investment and attention.

Darren Pain, author of the report and the Geneva Association's director of cyber and evolving liability, noted that the ransomware landscape is now highly evolved and sophisticated, especially with the development of ransomware-as-a-service (RaaS).

"Would banning ransom payments be a viable solution?


"Such ransomware attacks are driving significant increases in insurance claims and, as a consequence, premiums.

"According to our study, insurance companies do not think so," Pain said.

The Geneva Association's report analyses the complex policy issues surrounding ransomware and possible solutions to counter this epidemic in cyber crime, including the contribution of insurance to boosting cyber resilience.

Prohibiting ransom payments or their reimbursement by insurers would likely drive transactions underground, Pain further explained, forfeiting the ability of the authorities to record, analyse incidents and prosecute criminals.

"Furthermore, the last thing we should do is take steps that might discourage smaller firms from taking out cyber insurance, the benefits of which go well beyond reimbursing ransoms."

The frequency of ransomware attacks, a form of cyber extortion, has been steadily rising along with the size and nature of ransom demands.

Cyber criminals are deploying more sophisticated approaches to target governments, businesses and individuals, with serious and costly effects.

The growth of the ransomware-as-a-service (RaaS) business model has also enabled threat actors with limited technical skills to launch highly disruptive attacks.

According to new Geneva Association data, the cyber insurance provides vital financial protection and operational support in the event of an attack, but ransomware has contributed to the recent deterioration in cyber insurers' underwriting performance. Ransomware accounted for 75 per cent of all cyber insurance claims in 2020 and is also likely to have been the costliest loss event category in 2021.

The managing director of the Geneva Association, Jad Ariss, further explained that ransomware demonstrates the important "prevention and mitigation" role insurers play as risk managers.

"They control a critical lever with their ability to incentivise customers to maintain strong cyber security controls and standards, helping to reduce firms' vulnerability to attack and boost their cyber resilience."

"Governments and regulators have their levers, too, and as our report highlights, they need to rein in the illegal use of cryptocurrencies and do more to ensure information exchange about incidents as well as improve international cooperation among law enforcement," Ariss said.

[Related: ACCC’s new 3-step plan to stop malicious cyber actors from targeting Australia]

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.