![]() ![]() ![]() Many businesses purchase cyber insurance because it offers ransom payment coverage and if that is not allowed, smaller businesses that could not afford the payments without insurance would be harmed far more than larger business that can pay, they contend. Some have argued that businesses sometimes have no option except to meet the ransom demands, while stressing that the insured, not insurer, makes the call. Many businesses purchase cyber insurance because it offers ransom payment coverage and if that is not allowed, Government should not rely on insurers as its due diligence mechanism for monitoring business compliance and implementation of security measures.ĪPCIA is worried that prohibitions on the reimbursement of ransom payments present “potential unintended consequences” such as eliminating a meaningful risk management resource.For this reason, there must be a holistic approach that focuses on the core drivers of the criminal behavior utilizing the expertise of all stakeholders. Insurance can play a role in enhancing resiliency, but ultimately cannot cure the criminal behavior that perpetuates the ransomware problem. The ransomware problem cannot be resolved with insurance-centric policy changes.Prohibitions on the reimbursement of legal ransom payments presents potential unintended consequence such as eliminating a meaningful risk management resource. Insurance is an important economic recovery resource for victims of ransomware attacks.This principle is consistent with the long-standing approach to the parallel issue of crime or kidnap & ransom coverages, which are allowed by regulators so long as those payments do not violate sanctions laws. Subject to applicable sanction and other laws, insurers must be permitted to provide reimbursement coverage for the policyholder’s payment of ransom for cyber extortion.Cyber threat information sharing by government and impacted businesses with strong liability protections can increase timely detection, response, and deterrence measures.Creating greater cyber resiliency is a societal obligation achievable with the involvement of both the public and private sectors coming together to identify the core drivers of ransomware incidents, and cyber threats generally. ![]() The insurance industry wants to partner with government and policyholders to help drive policy objectives that will increase cyber resiliency and support competition.Some of the APCIA guiding principles on dealing with ransomware attacks include: APCIA members include many of the nation’s best-known P/C insurance companies all told its members represent nearly 60% of the nation’s property/casualty market share. For this reason, there must be a holistic approach that focuses on the core drivers of the criminal behavior utilizing the expertise of all stakeholders.” Government “should not rely on insurers as its due diligence mechanism for monitoring business compliance and implementation of security measures,” the group says in its principles. Public-Private Partners The APCIA’s principles stress the view that the ransomware problem cannot be resolved with “insurance-centric policy” changes: “Insurance can play a role in enhancing resiliency, but ultimately cannot cure the criminal behavior that perpetuates the ransomware problem. ![]()
0 Comments
Leave a Reply. |