This is good news for companies, but also for insurers, who have been wandering in a legal grey area on this matter. The new bill unveiled by the executive provides an answer. From now on, if the bill is validated by the Parliament, insurers will be allowed to compensate companies that have been victims of ransomware.
“Cyber risk is still relatively uninsured,” explains the French government. This news has had the effect of a bubble of air for all those who have been or still are confronted with the unavailability of their computer networks following an encryption carried out by hackers.
There is one condition, however: the victims must first file a complaint, otherwise no compensation will be granted. This is a small revolution in French doctrine, which until now has prohibited the payment of ransoms, and therefore their compensation by insurance companies. The bill notes that this will “improve information for security forces and the judicial authority and break the profitability model of cyber attackers”. For their part, the main French insurers are pleased with this clarification.
The challenge for the State is also to “develop cooperation between public and private actors to raise awareness of the local economic network as well as to increase training efforts for insurance professionals”, according to the report published by the Ministry of the Economy.
Some voices have already been raised to denounce the “message sent to cybercriminals”. Will such a measure have the desired effect, or will it encourage new cyber attacks? Indeed, companies might be more inclined to pay ransoms if they are immediately reimbursed by insurers. The Parliament’s working group set up at the end of the month will have to answer this question.