top cx logo
cx logo
Explorearrow down
search icon
Explore
arrow down

Cyber attack insurance is approved to protect French firms

France has also created special policing units to crack down on the hackers who take over a firm’s computer system and threaten to destroy or release data unless paid

The law could come into force within a year Pic: Andrey_Popov / Shutterstock

Firms hit by ransomware attacks might soon be allowed to claim back from insurers the money they pay to criminal hackers to protect their data.

In October, the French Senate approved proposals from the economy and home affairs ministries to open the road for such claims, which are currently in a legal grey area.

How will the new law work?

No timetable has been set to implement the changes – the law has to be passed again by the Assemblée nationale, the lower house of Parliament – but they could come into force within a year.

Attacks see hackers take over a firm’s computer system and threaten to destroy or release data unless they are paid.

Senators voted that insurers could pay out as long as victims make a formal complaint to police within 24 hours of the initial ransomware demand, and before any money has changed hands.

How big is the problem?

The average amount paid out in 2021 was €6,400, says the Economy Ministry. However, this figure is distorted by a few demands in the millions when large institutions were hit.

France has created special policing units to crack down on attacks, but they are continuing. 

Read more: Cyber crime in France: campaign looks to boost preventative practices

In August, a hospital in the south Paris suburbs had to partially shut after an attack and $10million ransom demand from Russian-speaking hackers Lockbit 3.0. It did not pay and some health data was published online, opening it up to potential fraudsters.

Protect small firms

The economy ministry said allowing businesses to claim from insurers “would protect small firms who face going out of business if they are hit”.

Insurance companies were previously ready to include cyber attack payouts in general policies – similar to the way they pay if firms have money stolen. However, they were forced to backtrack after the Agence nationale de la sécurité des systèmes d’information warned that paying ransoms would encourage criminality.

Specific cyber attack insurance is mainly taken out by large companies in France, but insurers might offer tailored protection for small firms and individuals if the law is passed.

Related articles

Russian threat to France’s internet connection is ‘credible’

Insurance clarified for self-employed workers in France

France worst hit country in Europe for dark web bank card theft

Resident or second-home owner in France?
Benefit from our daily digest of headlines and how-to's to help you make the most of life in France
By joining the newsletter, you agree to our Terms & Conditions and Privacy Policy
See more popular articles
The Connexion Help Guides
featured helpguide
Visa and residency cards for France*
Featured Help Guide
- Visas and residency cards (cartes de séjour) for France help guide - Understand when visas and residency cards are required to move to France or come for an extended stay - Applies to Britons (post-Brexit) and to all other non-EU/non-EEA/Swiss nationalities - Useful to anyone considering a move to France, whether for work or otherwise, or wanting to spend more than three months at their French second home
Get news, views and information from France
You have 2 free subscriber articles left
Subscribe now to read unlimited articles and exclusive content
Already a subscriber? Log in now