back to article Think carefully about cyber insurance, says NCSC. But don't worry about buying off ransomware crooks

The National Cyber Security Centre has urged British businesses to think carefully when picking a cyber insurance policy – but won’t say whether insurance that covers ransomware payoffs is a bad thing or not. Taking the form of seven questions for businesses published on the NCSC website, the latest guidance urges companies to …

  1. This post has been deleted by its author

  2. Potemkine! Silver badge

    Come on. It a certainty insurers will try to squeeze out of their obligations if they can, as they always do.

    1. Anonymous Coward
      Anonymous Coward

      Just waiting to see how long before...

      they try to claim "act of god".

      1. Adrian 4 Silver badge

        Re: Just waiting to see how long before...

        Surely keeping backups which would defeat a ransomware demand is a no-brainer ?

        And for those who still don't do it, negligence.

        Do insurers claim to protect from negligence (not just the legal liability of it, but the direct costs) ?

        1. c1ue

          Re: Just waiting to see how long before...

          Backups work in theory.

          In reality: the cyber criminals are actively going after backups: hardware, cloud, you name it.

          Also in reality: if you have any significant number of endpoints, restore from hardware or cloud - even if not-corrupted - is immensely time consuming and often bandwidth limited. As is the reality that data/work *will* be lost as a tradeoff between backup corruption vulnerability, bandwidth impact on corporate network and windows of data loss vulnerability.

          1. vtcodger Silver badge

            Re: Just waiting to see how long before...

            Of course you should have backups. But as clue points out, there's no guarantee that the bad guys won't simply delay encrypting your data until they have had sufficient time to booby-trap your backups. Load the backup. Everything is great. For about 16 hours. Then your data base is encrypted again. And the ransom amount has gone up.

            Also, for many undertakings -- on line businesses, banks, medical practices, and such, ANY lost transactions are a significant problem.

            There are strategies that might be useful for some operations. For example in some cases keeping short term hard copy of transaction data for a week or three might be a good idea

            But overall, this seems a real problem, and not as easy a problem as one might hope.

        2. big_D Silver badge

          Re: Just waiting to see how long before...

          Theoretically, yes. But a lot of malware now infiltrates the infrastructure and tries to sabotage the backups for months, before it attacks the live data.

          Faced with having to, for example, go back to the end-of-year backups for 2019 or pay the ransom, which is going to be cheaper in the long run? All orders for 2020 lost or will have to be re-entered, all production and batch information, test results and certificates etc. lost or will have to be re-entered.

          In the past, it was correct to deride companies for lack of backups, but the malware authors seem to be getting more thorough and affecting shadow copies and corrupting any backups they can get to.

          The only chance is to regularly do a sample recovery, so that you can spot the problem more quickly. But how often do you have the time to go back through your backups and do a restore to see if they are working as intended? It is something you should do, but most IT departments I've worked in just don't have the time. Currently, I'm lucky, I restore a random sample of files from different sites on a regular basis, to ensure the backups are working.

          But many just assume they are working... Never a good assumption, even if the malware hasn't infected your backup chain.

      2. amanfromMars 1 Silver badge

        Re: Just waiting to see how long before...

        Just waiting to see how long before they try to claim "act of god". .... Anonymous Coward

        Is it not already impossible to plausibly deny all such actions are as a result of ACTs of Global Operating Devices, AC?

        One awkward question to not answer is .... Does the NCSC have such as can very well be useless insurance that pays a ransom to regain control of any of their own forcibly encrypted files ...... or have they not contemplated or dismissed that possibility? Surely sauce for the goose is good for the gander too and ransomware and vapourware is client agnostic even should it be specifically exquisitely targeted at any number of very particular and peculiar customers/suckers?

    2. Lee D Silver badge

      There are whole groups of schools, state and private, at the moment that are suing a bunch of insurers because their "pandemic" insurance (literally has the word in it) doesn't cover COVID-19.

      The insurance company's defence is basically "It doesn't explicitly say COVID-19". Why would it? It wasn't known about when it was drafted. But it says things like pandemics, medical incidents, etc.

      Hundreds of schools thought they were covered, went to cash it in, were told no, and now have to fight it in court. And they're questioning what they actually paid for, and whether it was worth paying for it at all.

      Pretty much like every insurance I've ever heard of. There's a reason why, unless it's legally necessary, I don't bother with insurance. Just put the premium in the bank. On average you'll win just by doing that, and unless you're particularly unlucky you can stand to save a fortune that you'll never use.

  3. Chris G Silver badge

    Basket cases

    Insurers, accountants and lawyer mostly all belong in the same basket.

    Prefably hanging on a long rope and hanging over a hell mouth.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021