Decision to pay cyber ransom should remain with victim: ICA


The decision whether to pay a cyber attack ransom should remain with the victim organisation, an Insurance Council of Australia (ICA) submission on development of the 2023-2030 Australia Cyber Security Strategy says.

The Federal government is seeking feedback on the development of the strategy after Prime Minister Anthony Albanese led an expert roundtable earlier this year focused on making Australia “the most cyber secure nation”.

ICA CEO and MD Andrew Hall “strongly encouraged” the government to consult further with the insurance industry before taking a definite position to ban ransom payments.

“Banning ransom payments by businesses and/or reimbursements by insurers may have other unintended consequences which we suggest warrant careful consideration,” the ICA submission said.

“An outright ban may disproportionally affect smaller entities and may significantly impact their ability and capacity to recover and return to operation.

“While paying ransoms can contribute to a criminal business model, it must be recognised that no organisation wants to be extorted and the decision to pay a ransom is largely a function of the cost of recovery and remediation being higher than the ransom demand.”

The ICA recommended strengthening cyber security standards and disclosure regimes, reporting and sharing of ransomware incidents, tougher penalties and enforcement against cyber criminals, and greater international co-operation and coordination of financial sanctions regimes and information sharing.

It says a multi-faceted approach should aim to reduce the underlying drivers, limit their impact and ensure business resilience.

“The current practice for cyber insurance is that the decision to pay or not pay a ransom is made by the client. Moreover, any ransom payment is made by the victim, not the insurer and may be reimbursed, subject to the limits of the policy and compliance with sanction policies,” it said.

Protecting a business’ cyber assets and backing up data remain the greatest protection against the loss of data, the ICA says, and early notification of ransom attacks to regulators and government, together with information sharing across the wider ecosystem, helps protect against future attacks.

As ransom payments are frequently requested in cryptocurrency, greater regulation of crypto assets should be considered as part of the solution to deter attacks.

The ICA also welcomed government initiatives that improve firms’ cyber risk posture, saying that “these initiatives would in turn likely improve availability of cyber insurance”.

An Expert Advisory Board to advise the government on development of the national cyber strategy is chaired by former Axa Asia Pacific Holdings and Telstra CEO Andrew Penn. On the board are former Air Force chief Mel Hupfeld and CEO of the Cyber Security Cooperative Research Centre Rachael Falk.

Posted by IRL Editor

