Asia & Oceania

Decision to pay cyber ransom should remain with victim: ICA


The decision whether to pay a cyber attack ransom should remain with the victim organisation, an Insurance Council of Australia (ICA) submission on development of the 2023-2030 Australia Cyber Security Strategy says.

The Federal government is seeking feedback on the development of the strategy after Prime Minister Anthony Albanese led an expert roundtable earlier this year focused on making Australia “the most cyber secure nation”.

ICA CEO and MD Andrew Hall "strongly encouraged” the government to consult further with the insurance industry before taking a definite position to ban ransom payments.

“Banning ransom payments by businesses and/or reimbursements by insurers may have other unintended consequences which we suggest warrant careful consideration,” the ICA submission said.

“An outright ban may disproportionally affect smaller entities and may significantly impact their ability and capacity to recover and return to operation.

“While paying ransoms can contribute to a criminal business model, it must be recognised that no organisation wants to be extorted and the decision to pay a ransom is largely a function of the cost of recovery and remediation being higher than the ransom demand.”

The ICA recommended strengthening cyber security standards and disclosure regimes, reporting and sharing of ransomware incidents, tougher penalties and enforcement against cyber criminals, and greater international co-operation and coordination of financial sanctions regimes and information sharing.

It says a multi-faceted approach should aim to reduce the underlying drivers, limit their impact and ensure business resilience.

"The current practice for cyber insurance is that the decision to pay or not pay a ransom is made by the client. Moreover, any ransom payment is made by the victim, not the insurer and may be reimbursed, subject to the limits of the policy and compliance with sanction policies,” it said.

Protecting a business’ cyber assets and backing-up data remain the greatest protection against the loss of data, the ICA says, and early notification to regulators and government of ransom attacks and information sharing with the wider eco-system help protect against future attacks.

As ransom payments are frequently requested in cryptocurrency, greater regulation of crypto assets should be considered as part of the solution to deter attacks.

The ICA also welcomed government initiatives that improve firms’ cyber risk posture and that “these initiatives would in turn likely improve availability of cyber insurance”.

An Expert Advisory Board to advise the government on development of the national cyber strategy is chaired by former Axa Asia Pacific Holdings and Telstra CEO Andrew Penn. On the board are former Air Force chief Mel Hupfeld and CEO of the Cyber Security Cooperative Research Centre Rachael Falk.

Share this Post:
Posted by IRL Editor


ad ad

Related articles

Patrick Rastiello joins Ardonagh Specialty to lead North America Reinsurance expansion

Ardonagh Specialty has appointed Patrick Rastiello as CEO* of its North American reinsurance operations.   Patrick will be responsible for building Ardonagh Specialty’s US reinsurance...

Global Markets Overview: February 2024

In this Global Markets Overview, we explore our global outlook and share what we think it means for 2024. As...


Risk Management Trailblazer Presented with RIMS Highest Honor for Lifetime Achievement in Risk Management  NEW YORK (February 13, 2024) – At the RIMS New Zealand and Pacific Island...

Insurer’s Lease More Than Doubles Its Chicago Office Space

Sompo International Plans Move to 46-Story Tower at 155 N. Wacker A global specialty insurance provider is more than doubling the size of its Chicago office in a move a few blocks north, bucking the trend...

Haynes and Boone, LLP is pleased to announce that Peter A. Halprin has joined the firm as a Partner

Haynes and Boone, LLP is pleased to welcome Insurance Recovery Partner Peter A. Halprin to the firm’s New York City office. A Chambers USA-ranked attorney, Peter joins from Pasich LLP, where...

LIO Specialty Launches Revolutionary Online Portal for Life Science Insurance Solutions

Leading the Excess and Surplus Lines Market with Innovative Coverage for Cannabis and Nutraceutical Industries  West Conshohocken, PA– LIO Specialty Insurance Company proudly announces the launch...