top cx logo
cx logo
Explorearrow down
search icon

Cyber attack insurance is approved to protect French firms

France has also created special policing units to crack down on the hackers who take over a firm’s computer system and threaten to destroy or release data unless paid

The law could come into force within a year Pic: Andrey_Popov / Shutterstock

Firms hit by ransomware attacks might soon be allowed to claim back from insurers the money they pay to criminal hackers to protect their data.

In October, the French Senate approved proposals from the economy and home affairs ministries to open the road for such claims, which are currently in a legal grey area.

How will the new law work?

No timetable has been set to implement the changes – the law has to be passed again by the Assemblée nationale, the lower house of Parliament – but they could come into force within a year.

Attacks see hackers take over a firm’s computer system and threaten to destroy or release data unless they are paid.

Senators voted that insurers could pay out as long as victims make a formal complaint to police within 24 hours of the initial ransomware demand, and before any money has changed hands.

How big is the problem?

The average amount paid out in 2021 was €6,400, says the Economy Ministry. However, this figure is distorted by a few demands in the millions when large institutions were hit.

France has created special policing units to crack down on attacks, but they are continuing. 

Read more: Cyber crime in France: campaign looks to boost preventative practices

In August, a hospital in the south Paris suburbs had to partially shut after an attack and $10million ransom demand from Russian-speaking hackers Lockbit 3.0. It did not pay and some health data was published online, opening it up to potential fraudsters.

Protect small firms

The economy ministry said allowing businesses to claim from insurers “would protect small firms who face going out of business if they are hit”.

Insurance companies were previously ready to include cyber attack payouts in general policies – similar to the way they pay if firms have money stolen. However, they were forced to backtrack after the Agence nationale de la sécurité des systèmes d’information warned that paying ransoms would encourage criminality.

Specific cyber attack insurance is mainly taken out by large companies in France, but insurers might offer tailored protection for small firms and individuals if the law is passed.

Related articles

Russian threat to France’s internet connection is ‘credible’

Insurance clarified for self-employed workers in France

France worst hit country in Europe for dark web bank card theft

Resident or second-home owner in France?
Benefit from our daily digest of headlines and how-to's to help you make the most of life in France
By joining the newsletter, you agree to our Terms & Conditions and Privacy Policy
See more popular articles
The Connexion Help Guides
featured helpguide
Income Tax in France 2023 (for 2022 income)*
Featured Help Guide
- Primarily aimed at Britons, covers pensions, rent, ISAs, shares, savings and interest - but also contains significant general information pertinent to readers of other nationalities - Overview of online declarations + step-by-step guide to the French printed forms - Includes updates given automatically after this year's site opened
Get news, views and information from France