The information had passed under the radar of the insurers. In the orientation and programming bill of the Ministry of the Interior 2022-2027 presented on March 16 to the Council of Ministers, the government took a position on the question of the reimbursement of cyber-ransoms by insurers. To the surprise of the specialists, he changed his position and no longer recommended the non-payment of the ransoms but intended to supervise it by making it subject to the justification of the filing of a complaint by the victim within 48 hours after the payment.
A position that insurers were waiting for. “France Assureurs has been asking for several years for the public authorities to clarify the legal framework for the reimbursement, by an insurer, of the payment, by its insured, of ransomware. We are pleased that the bill is in line with the proposals we are making“, reacts the federation. “Recall that reimbursements of ransom payments by insurers offering this type of coverage only intervene as a last resort, once all data recovery solutions have been explored.“, however, would like to remind France Assureurs, which calls for the development of prevention.
Set the rules of the game
Because the posture does not convince everyone. Guillaume Poupard, director general of the National Agency for the Security of Computer Systems (Anssi), or even the LREM deputy Valéria Faure-Muntian, president of the insurance study group of the National Assembly, believe that the reimbursement of ransoms fuels cybercrime.
Faced with criticism, Axa France, for example, suspended its cyber ransom guarantee in the middle of last year. “It is essential that the public authorities concretize their position on this subject in order to allow all market players to fully play their role., then explained a spokesperson. Contacted, the insurer does not comment on the bill. For Generali France, which does not support ransoms “so as not to make a call for air to cyber-attackersvs’East now it is up to the public authorities to set the rules of the game “.
Due to the electoral calendar, it will indeed be up to the next legislature to vote on the text. However, taking a position has another important dimension, according to an expert on the subject: “the fact that the government is expressing itself through this bill shows that the security aspect of cyber-ransoms is taking priority over the economic“.