How insurance companies are fueling a rise in ransomware attacks by paying the ransom

Originally published at:

1 Like

I always wondered that about identity-theft coverage and similar companies – isn’t it in their best interest to make sure there are hackers and identity thieves, scaring people out of their money?

If I sold highly specialized insurance, I’d make sure there were high-profile disasters that could have been covered by my insurance plan, too.


Yet another triumph for the invisible hand! Woohooo! Gooooooo markets!


What do you reckon the odds are that the insurers themselves are ever targeted? I’d say slim-to-none.

1 Like

The ProPublica article says:

“The FBI and security researchers say paying ransoms contributes to the profitability and spread of cybercrime and in some cases may ultimately be funding terrorist regimes. But for insurers, it makes financial sense, industry insiders said. It holds down claim costs by avoiding expenses such as covering lost revenue from snarled services and ongoing fees for consultants aiding in data recovery. And, by rewarding hackers, it encourages more ransomware attacks, which in turn frighten more businesses and government agencies into buying policies.”

But it doesn’t actually offer evidence that paying ransomware ransoms is responsible for the increase in ransomware attacks.

This is similar to how US law enforcement generally is opposed to paying ransom to foreign groups that kidnap Americans on the grounds that it will only increase the risk of such kidnappings in the future.

But what little research that has been done in this area (see, for example, suggests that things like kidnapping Americans are largely crimes of opportunity where paying a given ransom or not may be unlikely to have any net effect on the incidence of kidnapping.

Ransomware appears to be evenmoreso a crime of opportunity than traditional kidnapping for ransom, where once an individual or group has a ransomware payload developed, the cost of attempting to deliver that payload approaches zero for any given target.

The flip side of the coin is also fascinating in that most ransomware groups seem to actually decrypt the files once the ransom is paid. The incentives they have to stick with their agreement or defect from that are fascinating in their own right. I knew that lecture on prisoner’s dilemma would come in handy someday.


Once you pay Danegeld, you never get rid of the Dane.


Wait, paying extortionists encourages them? I think I need to sit down. /s


Be the change you want to see in the world


We’ve always known this about the anti-virus vendors too, right?

And the Colonel. With his wee bitty eyes. Putting chemicals in his chicken that make you crave it fortnightly!

1 Like

I think it was an episode of TV’s Taken. Brian discovers that the kidnappers are working for the insurance company (one bad actor), who basically pay off themselves. Extremely lucrative, considering they targeted their richest clients at $5 million or so a shot.

Of course, this could never happen in the real world, because no one would put profit ahead of…

Lol, i couldn’t even finish typing it with a straight face!


Some are probably in cahoots with the hackers

Random off-book actors, maybe. But an insurance company is going to make substantially more money by bringing in premiums. They use those premiums in financial investments and draw more money from that than they would encouraging crimes like this.

It’s just another revenue stream.

1 Like
1 Like

It is interesting how few of the victims use their business continuity plans, i.e. restore from off site backup or hot site, to recover from these events. You’d think we would have better disaster recovery planning at this point.


Fear not! I bring good news!

In order to reform over this small misalignment of incentives in the insurance market without conceding any fundamental points; I give you the “Hacker Management Organization”.

These 'HMO’s will definitely succeed in cost containment without proving unduly burdensome; because reasons.


shakes tiny fist

1 Like

After one small insurer highlighted the names of some of its cyber policyholders on its website, three of them were attacked by ransomware.

Coincidence, then?

1 Like

The claims in that quote are extraordinarily vague and difficult to evaluate (the writer there seems to want readers to infer something without actually providing evidence for it).

First, obviously organizations are taking out cyber insurance policies precisely because they believe that they are likely to experience cyber issues.

But how small is this insurer? How many policyholders were highlighted on its website? Were the other policyholders not targeted? Were policyholders that the insurer didn’t highlight not targeted?

It’s the sort of anecdote that appears meaningful at first glance, but really gives very little real information to the reader.

Three out of five would be interesting. Three out of 200 would not be.

I’ll bet an insurer has never committed arson. Actually, no I wouldn’t bet that.

This topic was automatically closed after 5 days. New replies are no longer allowed.