The possibility of compensation will be conditional on the filing of a complaint by the victim.
The clarification was eagerly awaited. Insurers will be able to compensate victims of cyber-ransom, these ransoms paid by hacked companies on the internet, Bercy announced on Wednesday. Provided they file a complaint. Until now, a gray area remained. If indemnification by insurers of ransoms was not illegal, a parliamentary report had proposed a year ago to ban it. While waiting to see more clearly, Axa France had suspended in May 2021 the marketing of the “cyber ransom” option. The group had been followed by Generali France at the beginning of 2022. However, the risks are increasing. At the end of August, the South Francilien Hospital Center (CHSF) in Corbeil-Essonnes was the victim of a computer attack. A ransom demand of $10 million was demanded by the hacker(s).
The measure, present in the orientation and programming bill of the Ministry of the Interior (LOPM), is on the whole well received by insurers. “Any imprecision in a contract is bad for the insured and for the insurer. So everything that goes in the direction of clarification goes in the right direction,” observes Florence Lustman, the president of France Assureurs. Insurance covering cyber risks is very rare (3% of damage insurance contributions for professionals). “It’s a risk that we still have a little trouble understanding”recently explained Bertrand Romagné, president of the Association of reinsurance professionals in France (Apref).
To develop this market, the Directorate General of the Treasury recommends, among other things, to better measure cyber risk, by sharing data between the public and the private sector. And “to increase efforts to raise awareness among companies”VSEs and SMEs in the lead. “They are the ones that must be ensured as a priority in the face of the threat of ransomware. They are tempted to pay the ransom when in 99% of cases, the large groups refuse,” says Mickaël Robart, director in charge of development at the broker Diot-Siaci.