Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency, dismissed the idea of a ban on ransomware payments in the United States. In a discussion with the former head of the UK’s National Cyber Security Centre, she mentioned the difficulty in reducing ransomware attacks and highlighted the importance of the Cyber Incident Reporting for Critical Infrastructure Act in providing better insights into the cyberattack ecosystem. Easterly also emphasized the need for a Secure-by-Design campaign to address vulnerabilities in technology.
TeamViewer, a remote access software company, experienced a breach in its corporate IT environment attributed to Russian state-affiliated threat actors known as Midnight Blizzard. The breach involved compromised employee account credentials and was contained within TeamViewer’s corporate systems, with no evidence of further access to customer data. The company has taken steps to mitigate risks, including collaborating with Microsoft and implementing stronger authentication procedures.
A survey conducted by Sophos reveals that 76% of companies have strengthened their cyber defenses in order to qualify for cyber insurance coverage. However, respondents have mixed confidence regarding the extent of coverage, with many unsure if their policies cover ransom payments or income loss. Cyberattack recovery costs surpass insurance coverage limits, with only 1% of claimants fully compensated.
Why do we care?
The headline for me is that a ban on ransomware payments is not coming. I had hoped it would. Clearly, too much of a stretch for the readiness of most organizations.
The survey highlights the positive impact of cyber insurance requirements in driving necessary security measures but emphasizes that it is just one part of an effective risk mitigation strategy. It stands to reason that one way to drive customer action is to get them to get insurance. But note that cyber insurance is generally a mess. One could prepare for insurance… and start setting that money aside to self-insure. And earn some interest in the current market.

