The Association of British Insurers (ABI) has defended including ransomware payments in first-party cyber-insurance policies.

It highlighted that although firms face financial ruin without cover, insurance is not a replacement for taking every step to prevent the spread of ransomware.

Professor Ciaran Martin, former head of the National Cyber Security Centre, said the UK needs to rethink its policies on ransomware in comments first reported by the Guardian.

He said he believed insurers were "funding organised crime" by covering ransomware claims, but the issue of tackling ransomware was far broader than just the insurance sector.

He clarified that while official advice is not to pay the demand, it is not illegal in the UK.

However, he did not think that banning ransomware insurance claims would necessarily solve the problem.

"I have some sympathy with insurers, because as long as it's legal, there are incentives to pay."

He added: "But it's worth a serious piece of consultation because if we continue as we are, things will get worse.”

A spokesman for the ABI said insurers require that "reasonable precautions" are taken to prevent cyber-attacks from succeeding in the first place, just as cars and houses require security measures in place to deter thieves.

They added: "Some might argue that any insurance that covers against a criminal act could lull the policyholder into a false sense of security”.

Share Story: