- The role insurance providers are playing in ransomware attacks, and the decision to pay a ransom, could be encouraging further attacks, according to ProPublica.
- Lake City, Florida officials said the decision to pay about $462,000 in June was essentially made by the city's insurance provider Beazley. The city was covered by its cyber insurance policy and was responsible for covering a $10,000 deductible.
- While Lake City's council and mayor unanimously agreed to the payout, the city's IT organization was working to recover backup files. Beazley concluded the recovery process would be too long and expensive, expecting it to exceed $1 million.
Paying a ransom has traditionally been taboo.
Most experts say paying a ransom comes down to basic math: will recovery cost more than the payout?
This is in direct opposition to what U.S. mayors agreed to in their 2019 resolutions. At the Conference of Mayors, 225 of them agreed to not pay ransoms in the event of a cyberattack, saying it encourages more attacks.
"Cyber insurance is what's keeping ransomware alive today," Fabian Wosar, CTO of antivirus provider Emsisoft, told ProPublica.
Insurance providers and tech teams have differing priorities. Insurers focus on the bottom line, while security professionals are tasked with stopping the criminal. Paying a hacker avoids hefty claim expenses and lengthy downtime while in recovery.
Because insurers pay ransoms as a matter of doing business, it's likely the "moral high ground" of not making a ransom payment is ignored.
The takeaway is that the market exists; insurers didn't create it, but their actions could help sustain it.