Following Ciaran Martin’s (former Head of the NCSC) comments to The Guardian on insurers funding ransomware attacks, Arcserve’s VP EMEA, Mick Bradley tells Digital Journal that cyber insurance can be a legal requirement for all trading businesses as long as they have the right tools and data procedures in place. Martin has raised concerns that ransomware incidents are close to “getting out of control.” This occurs because there is no legal barrier to companies paying ransoms to cyber gangs and claiming back on insurance.
Martin states: “I see this as so avoidable. At the moment, companies have incentives to pay ransoms to make sure this all goes away.”
Martin continues: “You have to look seriously about changing the law on insurance and banning these payments, or at the very least, having a major consultation with the industry.”
Mick Bradley explains to Digital Journal how rules and regulations have a role: “The recent comment made by Ciaran Martin advocating for legislation, which is needed to stop ransomware payouts is not a bad idea. We in the Information Technology industry need to turn off the tap that is fuelling the growth of ransomware and such legislation can help this process. An even better approach would be for the UK government to make ‘cyber insurance’ a legal requirement for all trading businesses.”
Bradley explains how, with this approach: “This would make it easy for governments to address the ‘paying ransoms’ problem as insurance companies would need to mandate very stringent requirements that companies have to comply with before underwriting their insurance policies.”
In terms of what the future may have in store, Bradley predicts: “The most likely approach is to introduce a bill with a future date of when this will be enacted, thereby allowing organisations some time to give this proper consideration. Organisations who have been putting off implementing their own ransomware protection protocols need to take a hard look at themselves and seriously think about what is at stake here.”