Should Hackers Be Paid? The Ethics of Ransomware Demands
So how bad are cyber attacks and ransomware payments? They are so bad that even the government may step in and make them illegal. A little bit of background: There is a law called the FCPA (Foreign Corrupt Practices Act). What does that mean, and what does it have to do with cyber attacks? Well, many years ago, almost 30 years ago now, companies that went to another country to build a new factory, start a division, or put a satellite branch in another country found that, in many other countries besides the U.S., there was a lot of corruption. The government would come in and say, "Look, if you want to set up a factory, you have to pay us $500,000," or, "If you want to get this approval, you have to pay us a $2 million bribe." It was just blatant bribery, not hidden as anything else, and companies were paying this money for a long time. The companies didn't want to do it, so corporate industry went to the U.S. and said, "We want you to pass a law that says it's illegal to pay bribes to other countries' governments for business." The Foreign Corrupt Practices Act (FCPA) was born.
If another country said to you, "Hey, you want to build a factory, you have to pay a bribe," you could say, "Hey, I would do it, but it's illegal. I can't pay it. I don't want to go to jail. I don't want to get a fine." So, they made it illegal, which gave the companies an out. It gave them a third-party excuse, like, "Hey, we can't do it." It's kind of like that whole "we don't negotiate with terrorists" thing. And it worked for the most part. Yeah, there are still some workarounds, where instead of paying a bribe, you might promise to hire the prime minister's son for a no-show job, but it really put a crimp in it.
Now, the government is looking at similar laws for ransomware attacks. There's so much of it going on, and the companies don't like doing it, and the insurance companies don't like doing it. The government is starting to talk about making it illegal, making it a crime.
My personal opinion is that some of these ransomwares might actually be a violation of the FCPA if the hacker is part of a government or an extension of a government. It might already violate the FCPA, but in order to clarify it, the U.S. government is scrambling to find ways to disrupt ransomware networks. There are thousands of hacks annually. Right now, if you have cyber insurance, your insurance company has claims you can pay for. They pay for a lot of other things, but they could pay for the ransomware. They pay for monitoring, response, IT repairs, many other things, and losses if you lose money because your customers can't buy from you. The smallest percentage of the payout, a lot of times, is the ransomware; usually, the other costs are more.
The government is starting to talk to insurance companies, saying, "Look, you can't insure the ransomware payment. You can pay for everything else, but not the ransomware." If that happens, it will put a big crimp in the operations of these companies.
So, your thoughts? Do you think that there should be a law or rule or discouragement of paying these ransoms? Maybe at that point, the hackers will stop asking for them. Or do we need to have that protection in the system? Either way, cyber insurance is a good way to prevent, dispute, and react to any kind of attack on your business. There are a lot of tools that go into a policy: active monitoring, where they put little monitoring clips on your servers to see if there's a hack in progress or being set up over weeks before it happens. They have a response team that will be able to deal with your vendors, accounts payable, accounts receivable, to make sure you don't get disrupted. And right now, at least they pay for your ransom. Cyber insurance is a new type of risk that a lot of companies are starting to realize, but paying the ransom is controversial. Whether or not it should be done really remains to be seen.