It comes as Professor Ciaran Martin, the former head of the National Cyber Security Centre, told the BBC that the UK needed to rethink its policies on ransomware, days after warning The Guardian that insurers were “inadvertently funding organised crime” by paying out claims from companies who have paid ransoms to regain access to data and systems after ransomware attacks.
He warned against companies paying ransoms to cyber gangs and then claiming back cash from insurers.
He told The Guardian: “I see this as so avoidable. At the moment, companies have incentives to pay ransoms to make sure this all goes away. You have to look seriously about changing the law on insurance and banning these payments, or at the very least, having a major consultation with the industry.”
While the ABI has warned that insurance policies alone are “not an alternative” to minimising ransomware risks in the first place, it noted that businesses can still “face financial ruin without the cover”.
A spokesman for the ABI told the BBC that insurers still require that “reasonable precautions” are taken to prevent cyber-attacks from succeeding, adding that “some might argue that any insurance that covers against a criminal act could lull the policyholder into a false sense of security”.
Professor Martin added that, whilst ransomware insurance claims should not be banned, he is calling for a “serious” consultation on ransomware policies going forward.