top cx logo
cx logo
Explorearrow down
search icon
Explore
arrow down

Cyber attack insurance is approved to protect French firms

France has also created special policing units to crack down on the hackers who take over a firm’s computer system and threaten to destroy or release data unless paid

The law could come into force within a year Pic: Andrey_Popov / Shutterstock

Firms hit by ransomware attacks might soon be allowed to claim back from insurers the money they pay to criminal hackers to protect their data.

In October, the French Senate approved proposals from the economy and home affairs ministries to open the road for such claims, which are currently in a legal grey area.

How will the new law work?

No timetable has been set to implement the changes – the law has to be passed again by the Assemblée nationale, the lower house of Parliament – but they could come into force within a year.

Attacks see hackers take over a firm’s computer system and threaten to destroy or release data unless they are paid.

Senators voted that insurers could pay out as long as victims make a formal complaint to police within 24 hours of the initial ransomware demand, and before any money has changed hands.

How big is the problem?

The average amount paid out in 2021 was €6,400, says the Economy Ministry. However, this figure is distorted by a few demands in the millions when large institutions were hit.

France has created special policing units to crack down on attacks, but they are continuing. 

Read more: Cyber crime in France: campaign looks to boost preventative practices

In August, a hospital in the south Paris suburbs had to partially shut after an attack and $10million ransom demand from Russian-speaking hackers Lockbit 3.0. It did not pay and some health data was published online, opening it up to potential fraudsters.

Protect small firms

The economy ministry said allowing businesses to claim from insurers “would protect small firms who face going out of business if they are hit”.

Insurance companies were previously ready to include cyber attack payouts in general policies – similar to the way they pay if firms have money stolen. However, they were forced to backtrack after the Agence nationale de la sécurité des systèmes d’information warned that paying ransoms would encourage criminality.

Specific cyber attack insurance is mainly taken out by large companies in France, but insurers might offer tailored protection for small firms and individuals if the law is passed.

Related articles

Russian threat to France’s internet connection is ‘credible’

Insurance clarified for self-employed workers in France

France worst hit country in Europe for dark web bank card theft

Resident or second-home owner in France?
Benefit from our daily digest of headlines and how-to's to help you make the most of life in France
By joining the newsletter, you agree to our Terms & Conditions and Privacy Policy
See more popular articles
The Connexion Help Guides
featured helpguide
Healthcare in France*
Featured Help Guide
- Understand the French healthcare system, how you access it and how you are reimbursed - Useful if you are new to the French healthcare system or want a more in-depth understanding - Reader question and answer section Aimed at non-French nationals living here, the guide gives an overview of what you are (and are not) covered for. There is also information for second-home owners and regular visitors.
Get news, views and information from France