Former CIO of the White House Theresa Payton has warned that cyber insurance companies are supporting the ransomware industry by manipulating organisations into paying to have their systems returned after a cyber attack.
Insurance companies, according to Payton, are encouraging customers to pay ransomware demands as the costs associated with data recovery often outweigh those incurred by the ransom, meaning insurance providers pay far less as a result.
"I'm increasingly frustrated at the trend where the insurance companies are encouraging the victims to pay," said Theresa Payton, former White House CIO and security authority.
"The insurance company looks at what the potential incident response and forensics bill might be and that's going to be bigger in many cases because many organisations are not prepared and they would actually rather pay," she said.
Speaking at CloudSec 2019 in London, Payton said she was recently approached by an organisation seeking advice on how to proceed after its insurance company attempted to handle the ransomware issue directly. In that case, the insurance firm said it was "experienced at negotiating with the ransomware syndicates" and that it could "get the price to go way down".
Payton's warning follows a report issued earlier this year that showed ransomware attacks on UK businesses soared 195% in 2019 following a reduction in 2018. ITPro in the UK has the full story: