12 votes

The extortion economy: How insurance companies are fueling a rise in ransomware attacks

3 comments

  1. Diet_Coke
    I actually work with cyber liability, so this is something I've thought about before. Some insurance companies will hire negotiators to try and talk down the demand too, although that can just lead to hackers demanding more money. They will also hire computer forensics teams to secure the systems of their insureds post-breach, so that the same kind of claim doesn't happen again. In that way, they are doing their legal duty to defend and indemnify (make whole again) their insured. Look at the cities that are paying millions of dollars instead of a few thousand - are they doing right by their taxpayers?

    5 votes
  2. skybrian
    Solve for the equilibrium, as they say.

    I would expect ransom demands to go up, insurance rates to go up, and insurers to give discounts to organizations with better security.

    Paying bounties for reports of security holes, like the big tech firms do, might look cheap in comparison? Maybe insurers will start giving discounts for that, or even offer to run the bug bounty program themselves for the organizations they secure?

    1 vote
    1. skybrian
      But then there is Matt Levine's take on it:

      On the one hand, if you’re an insurance company insuring against some risk, you’d prefer, at least in the short term, for the risk never to come true for your customers, because then you’d get to keep all their premiums and not pay anything out. But if the risk never happened at all then all your customers would stop worrying about it, cancel their contracts and stop paying you premiums. This creates weird incentives. You want the risk to be big and dangerous and salient. You want everyone to worry about it all the time, so they pay you lots of money for premiums. Then ideally you’d help your clients avoid the risk, so that you can keep more of the premiums, but basically it is a volume business and you’d rather collect more premiums and pay more claims than have fewer of each.

      https://www.bloomberg.com/opinion/articles/2019-08-27/the-libor-change-is-coming

      2 votes