Cyber Insurance: Is Paying a Ransom Counter-Productive?

Evangelists-Jacqueline JayneFood for thought as discussed on May 18, 2023, an article posted in The Australian Insurance Council: Banning paying a ransom to cyber hackers is counter-productive where Andrew Hall, the Chief Executive of the Insurance Council of Australia (ICA), stated that “attempts to ban businesses from paying ransoms for cyber attacks risks eroding trust and relationships with government.”

The premise of this comment comes from the recent Australian Federal Budget announcement of AUD $23.4 million in funding for a program designed to uplift cyber security for 50,000 small businesses with a cyber warden program.  The details of this program are yet to be finalized. Mr. Hall encourages more consultation between the government and the small business community.

In relation to the proposed ban on paying ransoms for cyber attacks, Mr Hall brings up a valid point that the “decision for a business to pay or not pay a ransom is a decision for the business.” If a ban on paying ransoms was to come into effect, there is a high chance that businesses would decide to pay to keep their business running despite the potential fallout.

The steady nature of ransomware attacks is a reminder that no company is immune. As the threat landscape continues to evolve, it is more important than ever for Australian businesses to cultivate a security culture. This means having a comprehensive security strategy and focusing on preventative measures to reduce the risk of human error and investing in security technologies.

We can’t (yet) stop ransomware.  What we can do is limit the effectiveness and frequency of ransomware by increasing basic cyber awareness. 

There are several things that Australian businesses can do to increase their basic cyber hygiene and cultivate a security culture. These include:

  • Implement ongoing, relevant, and engaging employee education on security best practices.
  • Provide an opportunity for employees to test their knowledge with simulated social engineering activities, e.g., simulated phishing programs. 
  • Create relevant cyber security policies that specify the desired guidelines, expectations, actions, attitudes, and behaviors aligned with security.

Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

RansIm-Monitor3Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 25 types of infection scenarios
  • Just download the install and run it 
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews