
The Extortion Economy: How Insurance Companies Are Fueling a Rise in Ransomware - tysone
https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
======
bertil
There isn’t an economic balance for ransom: if a gang ransomed someone, know
that the security issue won’t be fixed in the next month, they could sell the
name to another gang. Even if it’s not in the long-term interest of the gang,
members might leak, voluntarily or not.

This means that there will be a surge in activity but the cost will grow in
ways that few insurers might expect -- Lloyds excluded, who can draw on their
experience of dealing with sea piracy to model self-financing extorsion.

I expect this will rapidly turn into reasonable budgets for OpSec, and
enforcement by the insurer’s expert: procedural but at least not based on the
dual “there was no incident lately, therefore you are useless/there was an
incident lately, therefore you are useless”.

