The nation’s largest property/casualty insurance organization is defending ransom payment reimbursements by insurers in a new set of principles stressing that the insurance industry wants to partner with government and business to improve cybersecurity.
The insurers say they “must be permitted to provide reimbursement coverage for the policyholder’s payment of ransom for cyber extortion,” subject to applicable sanction and other laws.
“This principle is consistent with the long-standing approach to the parallel issue of crime or kidnap & ransom coverages, which are allowed by regulators so long as those payments do not violate sanctions laws,” the American Property Casualty Insurance Association (APCIA) said in releasing its Cyber Extortion/Ransomware Guiding Principles.
Recent ransomware attacks on Colonial Pipeline, beef producer JBS USA, and CNA Insurance among others have re-ignited a debate over whether victims of attacks should pay ransom, and whether doing so encourages more attacks.