Wave Systems Corp. (fka WAVXQ)

[Genz2]

Experts suggest French insurer AXA's plan to shun ransomware payouts will set a precedent

https://www.cyberscoop.com/axa-ransomware-cyber-insurance-policies/

==================================================================
When French insurer AXA signaled last week that it would no longer write new cyber-insurance policies covering extortion payouts to criminals, ransomware and cyber insurance experts had two reactions. They wondered why it took so long, and how long it would take others to follow suit.

Ransomware is an ever-increasing cause of cyber-insurance claims, according to industry estimates, and having such insurance may make policyholders more likely to be attacked. A representative of the REvil ransomware gang said in a March interview that the group specifically targets victims known to have cyber-insurance, because they’re “one of the tastiest morsels” who can more easily afford to pay. In perhaps the biggest ransomware payment of 2020, smartwatch maker Garmin paid a reported $10 million and said it wasn’t sure how much its insurance would cover of all the costs, which it didn’t enumerate by type of expense.

Those conditions can perpetuate themselves. The more victims pay, the more criminals attack, and the more cash it takes out of victims’ and insurers’ pockets. AXA’s decision, announced Thursday, appears to be the first time an insurer said it will no longer cover ransomware payments, though it was not a surprise to industry observers.

“I’m surprised it hasn’t happened sooner,” said Jon DiMaggio, chief security strategist at threat intelligence firm Analyst1. “These insurance companies don’t like to spend money and we’re going the opposite direction that they want to go, so I think we’re going to see more companies getting out of it.”

A spokesperson for AXA XL, a U.S. subsidiary of the French company, said the announcement doesn’t apply outside France, and doesn’t apply to ransomware-related incident cleanup costs. (The decision occurred before hackers breached a U.S. pipeline company, an incident that warranted a briefing to President Joe Biden.)

“As is standard market practice in the U.S., we provide ransomware cover as part of a broader cyber policy,” the spokesperson, Christine Weirsky, said via email.

“The current cyber insurance market is very challenging prompting many markets to look carefully at coverage and capacity,” she said. “We also continue to monitor the evolving regulatory environment regarding ransom payments. We’re committed to working with our brokers and clients, in addition to regulators, law enforcement, cyber security professionals and others, to find appropriate protections and risk mitigation/reduction strategies to meet this evolving landscape.”

AXA’s move could be a positive one, said Megan Stifel, executive director of the Americas at the Global Cyber Alliance. Even if the move starts a trend, though, more work will be necessary, said Stifel, who served on a Ransomware Task Force that recently released recommendations on cyber-insurance and more. Furthermore, it’s not clear if insurance companies are responsible for very many ransomware payouts.

“It’s a great first step,” Stifel said. “Hopefully more will follow and then hopefully the chokehold on ransomware payments will begin to follow.”

If the trend of insurers cutting off such payments happens too quickly, though, it could be bad for businesses, said Austin Berglas, former head of the FBI’s cyber unit in New York City and global head of professional services at cybersecurity firm, BlueVoyant. Other insurers might take a more moderate approach.

“I think they’re going to put more restrictions around payment, and say, ‘We will make payments. We will cover you for ransomware pain and if you do X, Y and Z, which is a good thing,'” Berglas said “Chopping it off and saying, as of today, ‘We’re not making payments anymore,’ that puts a lot of companies in a bad spot.

“Whereas, if you do it slow roll, and say ‘Hey look guys over the next six months, we’re going to change our policies for renewal, saying we’ll cover you if you do these things, like two-factor authentication,'” that would be a better way forward, he said.

Today, some companies do impose baseline security steps from policyholders as part of their cyber coverage, but Stifel said some also require nothing.

At least one fellow cyber insurance provider, Cowbell Cyber, said it doesn’t plan to do what AXA did. Founder and CEO Jack Kudale said companies still need protection from ransomware, and that better risk assessments and more closely aligning coverage to threats is a better way to respond to cyber extortion than simply halting payments.

That France is the nation where an insurer first swore off of ransomware payouts makes sense, DiMaggio said, given its aggressive posture compared to other countries in tackling the phenomenon. France was at the forefront of the operation this year to arrest alleged hackers who use the Egregor ransowmare, for instance.

Ransomware was also the subject of a French Senate hearing last week where a cybercrime prosecutor reportedly said, “The word to get out today is that, regarding ransomware, we don’t pay and we won’t pay.” And Emsisoft estimated that France was second to the U.S. in ransomware damages to businesses, hospitals, local governments and schools, incurring more than $5.5 billion in costs last year.

Even if insurers mimic AXA, it’s clear ransomware will still impose incident costs for victims and insurance companies alike. Benchmark Electronics, an Arizona-based manufacturer of medical and aerospace equipment, said in a May 6 Securities and Exchange Commission filing that it had collected $10 million in insurance payments stemming from a 2019 ransomware attack on its systems. The incident cost the firm $12.7 million in legal, IT forensics and other fees.
=================================================================
http://www.wavesys.com/buzz/pr/wave-announces-5-year-master-license-agreement-virtual-smart-card-20-leading-global

Wave Announces 5-Year Master License Agreement for Virtual Smart Card 2.0 with Leading Global Financial Services Company

Wins competitive evaluation against market leader in two-factor authentication tokens

Lee, MA -

December 17, 2015 -

Wave Systems Corp. (NASDAQ: WAVX) announces a five-year master licensing agreement (MLA) with a leading global corporation (as determined by the 2015 Fortune Global 500 List) for its Virtual Smart Card 2.0 solution. This MLA sets the terms and pricing for licenses and maintenance across the customer’s global organization and establishes it as their preferred two-factor authentication solution. Instead of one large license purchase for the entire organization, each of the customer’s subordinate divisions will make separate orders in accordance with the terms of this MLA.

The first purchase of 2,000 VSC 2.0 licenses under this agreement, when added to a previous purchase, completes the requirement for the customer’s global IT division. That division will now lead the internal effort to standardize the remaining 150,000+ endpoints within their organization with the new Wave VSC 2.0 solution. While there are no minimum order requirements under the agreement, discussions for additional orders are underway.

“Our five-year agreement with this customer is the first very large scale contract for VSC 2.0 and is an important milestone for Wave,” said Bill Solms, President and CEO of Wave Systems. “This customer is a major global financial services company and their standards for protecting their systems from unauthorized access and the integrity of their data are of the highest order. Wave had to pass a very rigorous technical and business review to win the competition. We believe that this client’s decision to choose Wave Virtual Smart Card 2.0 over their incumbent solution gives us tremendous credibility in the two-factor authentication market. We will remain engaged with this company in order to complete the additional sales and deployments in the months ahead.”

Wave Virtual Smart Card 2.0 is a tokenless, hardware-based, two-factor authentication solution that offers superior security at less than half the cost of comparable solutions. It is the industry’s only enterprise-grade virtual smart card management solution that works on Windows 7, 8 and 10. It also provides management support for the Microsoft Virtual Smart Card on Windows 8 and 10. Wave’s VSC solution emulates the functionality of physical smart cards or tokens, but offers greater convenience to users, significantly lower total cost of ownership, and a greatly reduced risk of unauthorized access.

Wave Virtual Smart Card 2.0 gives IT the ability to:
• Remotely create and delete virtual smart cards
• Provide help desk-assisted recovery
• Configure Passphrase and card policies
• View the status of virtual smart cards and enrolled certificates
• Generate reports for compliance
• Support virtual smart cards on laptops, tablets and desktops with both TPM 1.2 and TPM 2.0 security chips
=================================================================
http://www.wavesys.com/products/wave-virtual-smart-card

http://www.wavesys.com/

http://www.wavesys.com/contact-information

Contact Wave

Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com

Gold Customer Support:

goldsupport@wavesys.com

1-800-928-3638

Support:

support@wavesys.com

1-844-250-7077

Sales:

1-877-228-WAVE