IT disaster recovery provider Databarracks has said the insurance industry “must do more” to prevent companies caving to ransomware demands.
According to the company, the strategy of invoking cyber insurance policies to pay out on ransomware attacks is “funding cyber criminals and creating a vicious circle of further attacks”.
When hit by a ransomware attack, many organisations will choose to pay the ransom to quickly get their data back, knowing their insurance provider will cover the cost.
Databarracks believes this leads to increased attacks, which triggers greater awareness within the media, resulting in more companies taking out cyber policies and more money being paid out for attacks.
Peter Groucutt, MD at Databarracks, said: “Insurance companies should shift to a policy where they don’t pay out for ransomware attacks as a matter of course.
“This can happen in two ways: one is through regulation to prevent these pay-outs. Alternatively, the insurance industry makes a collective decision to make this change without external intervention.”
He added: “Cyber is a relatively immature insurance market without historical loss data to guide it. The rapid increase in the number and value of attacks may show insurers that continuing this cycle will make it unprofitable.”