French Parliament report proposes action against cyber attacks


The report by Valéria Faure-Muntian (37 pages / 1.4 Mb PDF) – Member of the Loire Valley and president of the National Assembly’s Study Group on Insurance – makes a number of recommendations on responses to cyber attacks. The National Information Systems Security Agency (ANSSI) has indicated that the number of cyber attacks has quadrupled since the start of the Covid-19 pandemic, and that 2020 saw a 225% increase in reports of ransomware attacks compared to 2019.

But tech expert Annabelle Richard said companies sometimes have little choice in how they respond, especially to ransomware attacks.

“It is easy to understand the position of the authors of this report concerning the assumption of responsibility for the payment of ransoms by cyber insurance and the various risks that this generates”, she declared. “However, it should be remembered that for a number of organizations, non-payment of the ransom is not an option as it is the only way for them to recover their data.

“Unfortunately, in France, many organizations are not mature enough to prepare for a cyber incident. As a result, banning the payment of ransoms by their insurers could cause serious problems. Before being able to consider this type of ban, it therefore seems necessary to start by helping and encouraging French companies to better prepare for this type of incident,” said Richard.

The report proposes to clarify and define the law relating to cyber risks and cyber attacks. It says legislation is needed to establish rules on the payment of ransoms. It also deals with the obligation for companies that work with the State, or with operators of vital interest (OIV) and operators of essential services (OSE), to have a cyber insurance policy.

In order to better take cyber risk into account, the European Insurance and Occupational Pensions Authority (EIOPA) intends to promote the development of a harmonized risk insurance system. Insurance companies have formalized their own classification of covered damages, such as the cost of the invasion of privacy, or all necessary costs, expenses and charges incurred by the insured, or those necessary to restore data and lost or compromised computer systems. In the area of cyber attacks, the insurance industry has defined the notion of cyber business interruption as the period during which the insurer will reimburse the insured for lost income and operational expenses.

In 2020, cyber risk was the biggest threat to the French economy according to the annual risk barometer published by Allianz. The pandemic has introduced new security risks, especially for companies whose employees work from home rather than from company-controlled digital networks.

Insurers have been developing cyber insurance contracts for several decades, first in the United States and the United Kingdom, then in France. While large groups are aware of cyber risks, small businesses and local communities are often less well informed.

Jérôme Notin, Director General of the Public Interest Grouping Action Against Cyber-Malware, said in the report: “To start protecting yourself, you have to be aware of the risks. And these risks are real: the news shows it almost daily. This first step taken, it should be understood that the vast majority of cyber attacks could be avoided if simple measures were followed such as good password management, if security updates were regularly applied, if all data was regularly and correctly backed up.”

The director general of ANSSI, Guillaume Poupard, declared in the report: “The prohibition or at least a strict framework of the coverage of the payment of ransoms in cyber insurance policies now seems essential to put all insurers on an equal footing, while considerably draining the manna of cybercriminals. On the other hand, insurance can play an essential role in the consideration of cyber risk by companies. They have an incentive power that pushes their policyholders to comply with good cybersecurity practices, or even to perform regular audits to assess their level of maturity.”
