A senior White House official has called for an end to insurance policies that encourage the payment of ransoms in ransomware attacks. Speaking on Friday, the official emphasized that such policies fuel cybercrime and must be reevaluated.
The statement comes after the fourth annual International Counter Ransomware Initiative (CRI) summit, held in the U.S. this week, where representatives from 68 countries gathered to discuss global ransomware challenges. While there has been no formal proposal from the White House to ban these policies, the remarks underscore growing concerns about their role in perpetuating cybercrime.
In an opinion piece for the Financial Times, Anne Neuberger, the U.S. Deputy National Security Adviser for Cyber and Emerging Technologies, highlighted the widespread damage caused by ransomware. “Some insurance company policies — for example covering reimbursement of ransomware payments — incentivize the payment of ransoms that fuel cyber crime ecosystems. This is a troubling practice that must end,” Neuberger wrote.
Despite attempts to collaborate with the insurance industry on this issue, no formal agreements have been reached. However, Neuberger noted that insurance companies could play a positive role by requiring companies to implement robust cybersecurity measures as a condition for coverage, similar to how fire alarms are required for home insurance policies.
Earlier this year, after lengthy discussions with the British insurance industry, the UK’s National Cyber Security Centre (NCSC) released guidance on handling ransomware attacks. This guidance encourages businesses to carefully assess their options before making ransom payments but stops short of banning the practice outright.
At the recent CRI summit, 39 member nations and eight global insurance industry bodies endorsed similar guidance. This recommendation urged organizations to consider alternatives to paying ransoms but, like previous efforts, did not explicitly prohibit insurance companies from covering such payments.
Despite the availability of guidelines on ransomware response, the number of attacks in the UK has roughly doubled over the past two years. Similar trends have been observed in the United States, with ransomware incidents nearly doubling in the same period, according to Laura Galante, Director of the Cyberthreat Intelligence Integration Center at the Office of the Director of National Intelligence.
While the push for better cybersecurity practices continues, the debate over insurance-funded ransomware payments remains unresolved.
Related topics:
