This TechTarget article includes results from the useful Delinea white paper: “Cyber Insurance – If You Get It, Be Ready to Use It.”
“(Kurtis Minder, CEO of cybersecurity vendor GroupSenseMinder) has observed threat actors only becoming more ruthless in exploiting enterprises. For example, earlier this month the Alphv ransomware gang leaked photos of cancer patients after Lehigh Valley Health Network declined to pay the ransom.
‘I’ve been in cases where I’m certain I could negotiate the threat actor much lower, but the insurance company steps in and says, ‘Nope, that’s good enough,’ Minder said. ‘We understand you want to get the customer up and running, and there’s operational interruption that could drive that. But in some of these cases, that wasn’t true. It was more extortion driven. So now we’re, like, overpaying the bad guys.”‘
Security experts weigh in on whether cyber insurance carriers have too much influence in incident response cases, particularly around ransomware.
Source: Cyber insurance carriers expanding role in incident response | Tech…