Insurance firms have been urged by Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger to cease policies encouraging ransomware-hit organizations to provide extortion payments amid increasingly severe intrusions around the world, reports The Record, a news site by cybersecurity firm Recorded Future.
"Some insurance company policies — for example covering reimbursement of ransomware payments — incentivise payment of ransoms that fuel cyber crime ecosystems. This is a troubling practice that must end," wrote Neuberger in an op-ed for the Financial Times. Despite little action from the insurance industry, prohibiting the issuance of such policies could prompt the inclusion of cybersecurity requirements and verification in the underwriting process, Neuberger added. Such a development comes as 39 Counter Ransomware Initiative members and eight insurance industry groups expressed support for guidelines on reviewing extortion payment decisions, which was similar to earlier guidance agreed upon by the UK's National Cyber Security Centre and the country's insurance sector.