Axa France has suspended its “cyber ransom” guarantee, the trade publication News Assurance Pro reports in an article published on May 3.
Asked by L’Usine Digitale, the insurer confirmed this suspension. It nevertheless specified that the “CyberSecure” offer was still marketed. This includes a problem identification service, the implementation of corrective actions, the analysis of the incident and the provision of recommendations.
The framework must be clarified
This suspension is partly explained by the criticisms formulated by the Paris Prosecutor’s Office and the National Agency for the Security of Information Systems (Anssi) during a hearing in the Senate on April 15, 2021, an Axa spokesperson explains. “In this context, Axa France (…) deemed it appropriate to suspend its marketing until the consequences are drawn from this analysis and the intervention framework is clarified,” he detailed.
Johanna Brousse, deputy prosecutor and head of the J3 section dedicated to cybercrime at the Paris prosecutor’s office, explained during this roundtable devoted to the cybersecurity of mid-cap companies that paying ransoms was a central issue. “We will have to toughen up the tone (…) We pay the ransoms too easily,” she declared. The finding is shared by the insurer Hiscox, which affirms in a study that France is one of the countries that pays the most in the world for these ransom demands.
“The watchword today is that in terms of ransomware, we no longer want to pay and we will no longer pay. It is essential to dry up the source and for hackers to be aware that France is not the goose that lays golden eggs,” added the magistrate.
Insurers are playing a double game
For his part, Guillaume Poupard, the head of Anssi, said he was worried about the “troubled game of certain insurers”. “I agree with this observation, which is economically very rational, since an insurer who has the choice between paying a few million in ransom or several tens of millions under the insurance policy that has been contracted will pay the ransom. Obvious!” he analyzed.
As a reminder, ransomware is malware that paralyzes an information system by encrypting all of the data contained therein. The cybercriminals then offer the victim a decryption key in exchange for a certain amount payable in bitcoin, a payment that therefore cannot be cancelled once made. This ransom can sometimes reach several million euros.
Ransomware explodes
Ransomware reports increased 255% in 2020, according to figures from Anssi. This trend is increasing year by year. Faced with this observation, some insurance companies are marketing an offer dedicated to IT security. These contracts protect a business against IT risks and help it cope with the consequences of a cyber attack, of which the ransom demand is one.
However, according to official instructions, you should never pay the ransom demanded by cybercriminals, because doing so maintains or even strengthens their activity. But in certain situations, paying the disputed sum costs insurers less than paying the indemnity provided for in the insurance policy.
From a purely economic point of view, this reaction is legitimate, but it is dangerous since it sends the wrong signal to cybercriminals. Seeing that companies pay for every attack, they have no reason to stop.
A mandatory reporting mechanism
The issue of ransom payment was examined by the Commission supérieure du Numérique et des Postes (CSNP), a parliamentary group tasked with monitoring postal and electronic communications activities, which issued an opinion to the government on digital security.
After recalling that 20% of companies pay the ransom, it recommends that the government develop a mechanism to regulate the payment of ransoms, either to prohibit it or to make it compulsory, under the cover of “trade secrets” protection, to declare a ransom demand and its handling to the French authorities.