Brought to you by:

Insurers not to blame for rise in cybercrime ransoms, expert says

Blaming insurers for a rise in cyber crime is fundamentally “misguided” and making ransom payments illegal would only punish the victims, an industry expert says.

Graeme Newman, CIO at CFC Underwriting in London, tells insuranceNEWS.com.au it is “overly simplistic” to think legislation against giving in to ransoms will stop the growing problem.

“That is far, far too simplistic and is lazy thinking. The problem is more nuanced and more complex than that,” says Mr Newman, who has two decades of experience in cyber insurance.

Security experts in the UK have recommended making it illegal for cyber insurers to reimburse ransom payments and have also suggested cyber insurers are “inadvertently funding cyber crime”.

Mr Newman dismisses this and says governments should be trying to catch the cyber crime actors and not trying to criminalise the victims of the crime.

“Why would we make them a criminal if they chose to pay? I think that is fundamentally wrong. What we should be doing is helping them to follow the money trail and catch the perpetrators,” he says.

He advocates a licensing system whereby any payments of this nature are regulated to make sure law enforcement knows what is going on.

“Otherwise you just drive this underground and take it totally out of the purview of law enforcement,” he says.

Less than 15% of global businesses purchase cyber insurance, so to suggest that eliminating part of it would fix what is now a global issue would be to “ignore the other 85% of businesses who face the same problem without insurance”.

“There is no evidence to suggest that businesses who purchase cyber insurance are more inclined to pay a ransom demand than those without, in fact in my experience, it is quite the opposite,” Mr Newman says.

Armed with insurance, a company can access the appropriate experts to guide them through the issue and support them through the recovery process. In the absence of this help, most small businesses assume they have no other option but to pay.

Cyber criminals are ditching their old tactics of identity theft and social engineering and moving to the “increasingly lucrative business of extortion”.

Cybercrime is also unusually problematic because the perpetrators are often outside of the jurisdiction of the countries in which the victims are located and can ‘case the joint’ virtually.

“That is why this is big and going to grow because the criminals can hide,” Mr Newman says. He says cryptocurrencies make it possible to launder billions of dollars and more must be done to clamp down on the exchanges that wittingly or unwittingly facilitate this crime.

“We should be putting our effort into tackling those exchanges that facilitate the payments - the over-the-counter traders that are the money launderers of cryptocurrency. That is an area to focus our efforts.”

Cyber insurance has a “critical role to play,” and by following carefully structured paths and involving the right professionals, can ensure that payments are only made when absolutely necessary and that law enforcement are kept informed so they can use the intelligence gathered to track and ultimately catch the perpetrators, Mr Newman says.