Cyber insurance coverage is seen as a loophole in a proposed New York bill that bans municipalities from paying ransomware demands.
Senate Bill S7246 (SB S7246) was introduced earlier this month in the New York State Senate in response to a wave of ransomware attacks that have hit Riviera Beach and Lake City in Florida, New Bedford in Massachusetts, and Atlanta in Georgia.
The bill was introduced by state senators Phil Boyle, George Borrello, and Sue Serino with the goal of funding necessary upgrades to a city or municipality’s cyber defences and thereby mitigating the incentive for ransomware operators to target them – at the cost of preventing local governments from paying ransomware demands.
“A small investment in local government cybersecurity now, can help stop cybercriminals from profiting on the backs of New York State taxpayers and protect important state and local government services from disruption,” the bill said. “To incentivize these upgrades, the bill will prevent state and local governments from paying ransoms for ransomware attacks after January 01, 2022, by which time they should be able to sufficiently upgrade their cybersecurity systems.”
However, Colin Bastable, chief executive officer of cybersecurity firm Lucy Security, told Threatpost that municipalities have a loophole – in the form of cyber coverage.
“Of course, insured municipalities can get around this, as they don’t pay the ransoms,” he said. “The terms of their policies require that they cede control of the situation to the insurance company.”