At the end of August, the perpetrators of a cyberattack targeting the South Ile-de-France hospital center in Corbeil-Essonnes demanded a ransom of 10 million dollars. The establishment quickly let it be known that it would not pay the requested amount, but other actors confronted with this scourge, companies in particular, sometimes have no choice but to pay the ransom to avoid going out of business. On the rise, ransomware attacks affected nearly one in five companies in France last year, with an average ransom of around €6,400, a figure that has jumped 50% per year since 2016.
In this context, pressure is increasing for the government to take action against this scourge. This is why the Minister of the Economy, Bruno Le Maire, asked the Treasury in June 2021 to set up a working group on the development of an insurance offer to cover cyber risks. From this reflection came a report unveiled on Wednesday, which sets guidelines to complete France’s arsenal in the fight against cyber threats.
Compensation conditional on the filing of a complaint within 48 hours
At the heart of this 47-page document is a key measure that will provide relief to companies facing ransomware attacks, namely compensation for ransoms that they may be required to pay to hackers. This measure must be integrated into the orientation and programming bill of the Ministry of the Interior (LOPMI), presented this Wednesday, September 7, in the Council of Ministers.
However, compensation is conditional on the attacked company filing a complaint within 48 hours, so as to organize the fight against cybercrime in France more effectively. “Conditioning the insurability of the payment of ransoms on the filing of a complaint by the victim would make it possible to preserve the viability of companies forced to pay the ransom as a last resort without jeopardizing the repression of cybercrime”, write the authors of the report “The development of cyber risk insurance”. “Most of the cyber risk is controllable: 97% of cyber claims covered by insurance gave rise to compensation of less than 3 million euros in 2021. The priority must therefore be to strengthen the pooling capacities of the cyber insurance market to absorb high-intensity claims”, they add.
A still underdeveloped market and several obstacles
This measure aims to close a major gap in French cybersecurity. “Cyber risk insurance is still an underdeveloped market. In 2021, the French cyber risk market is estimated at 219 million euros in turnover, or 3.1% of total professional property damage insurance premiums”, notes the report of the Directorate General of the Treasury.
“Several obstacles to the development of this new product have been identified. On the demand side, companies, in particular VSEs/SMEs, still underestimate the potential impact of attacks on their business and find it difficult to identify the content of the offers. On the supply side, insurers and reinsurers have difficulty measuring this protean and evolving risk, often due to a lack of data”, the authors of the document observe in particular.
Bercy pleads for the creation of a Cyber Threat Observatory
In addition to compensation for cyber-ransoms, the report makes 17 other proposals to develop insurance in this area in France. Among the measures recommended is the creation of a Cyber Threat Observatory under the aegis of the National Agency for the Security of Information Systems (Anssi), the French cybersecurity policeman. This new structure aims to “promote the sharing of cyber claims data” by bringing together market players (insurers, reinsurers), public authorities and experts from the academic world.
Bercy also recommends “to study the use of financial markets to free up insurance capacity” or to “set up a cyber risk insurance task force to steer the action plan of this report and make the Paris marketplace a center of cyber risk expertise”. In this context, the Cyber Campus, held up by the government as the “cybersecurity totem in France” and inaugurated last February, should reinforce this logic. At the heart of the La Défense business district, at the gates of Paris, this strategic location for national security in virtual space aims to bring together the entire French cybersecurity ecosystem on the 13 floors of the Eria tower. The Cyber Campus is part of the national plan for cybersecurity, which devotes a budget of one billion euros to accelerate the development of the sector in France.