The cyber coverage market remains embryonic in the face of a systemic threat

The decision is far from unanimous, but the government has decided. Insurance companies will now be able to legally reimburse the cyberransoms paid by their customers when they have filed a complaint, announced Wednesday, September 7, the Ministry of Economy and Finance. Bercy also announced the establishment, at the end of September, of a task force specializing in cyber risk involving all the players.

Read also: Ransomware: the State ready to validate the compensation of ransoms by insurance companies

The measure, included in the Interior Ministry’s programming bill presented to the Council of Ministers on Wednesday, makes it possible to remove doubts. They had led Axa or Generali to suspend the “cyberransom” options of insurance policies pending clarification. The risk has increased over the past two years with the sharp increase in cybercrime – including against hospitals – even if the demand for ransom intervenes in only 14% of cyberattacks.

A key role in building a sustainable model

Compensation for victims of cyberattacks will make them “solvent”, worry opponents of the measure announced by the government. Then deputy, Valéria Faure-Muntian (LRM, Loire) was and remains one of those. In a report published at the end of 2021, it proposed measures to protect companies but it rejected the reimbursement of ransoms, judging that it “encourages” cybercriminals and deters companies from investing in preventing such attacks.

In the report, Guillaume Poupard, the director general of the National Agency for the Security of Information Systems (Anssi), was categorical: “Insurance cannot help fuel cybercriminal activities by systematizing ransom payments. » For him, gangs with ever more sophisticated methods “target the files of insurers in order to then attack their customers and thus have increased guarantees of payment”. Insurance nevertheless has a key role to play in “the construction of a sustainable model of cybersecurity”he adds.

Read also: Article reserved for our subscribers “In the grim picture of Chinese tech, Tencent is the company that is doing the best”

The cyber cover market, of which ransomware is only a small part, remains embryonic (130 million euros in 2020) in the face of a systemic threat – further illustrated by the war in Ukraine. The risk is sometimes so great that it cannot be covered by a single company. It will have to be pooled and even go through public-private partnerships to ensure the defense of strategic companies.