Ransomware is malware that encrypts files and then demands payment for the decryption key. Victims are typically notified by a ransom note or lock screen stating that their files have been encrypted and that the only way to recover the data is to pay a ransom in cryptocurrency. Phishing, Remote Desktop Protocol (RDP) exploitation (exposed or weakly authenticated RDP endpoints) and unpatched software vulnerabilities are the principal root causes of ransomware infections. Companies can reduce these risks by patching and updating systems promptly and by raising employee security awareness.
Coverage Options
In the wake of the ransomware crisis, insurers have hardened their cyber insurance policies, requiring prospective insureds to meet higher cybersecurity standards to obtain coverage. This has pushed organizations to invest more in MFA, data backup solutions and EDR. Combined with the general hardening of the cyber insurance market, it has also raised premiums for insureds. Whether this will help or hinder mitigation of the ransomware threat is still being determined. Still, interviewees agreed that insurance does not replace a business's need for strong security controls. Rather, insurance gives a business the financial means to recover from a ransomware incident and works alongside technical and organizational controls to improve resilience against attacks.
Some research has suggested that the existence of ransomware insurance may create a moral hazard, whereby organizations whose policies cover ransom payments feel less inclined to invest in stringent risk mitigation. However, the evidence on this point is not conclusive, and many organizations with cyber insurance still deploy security controls to reduce their exposure. Cybersecurity companies such as Fortinet advise against paying ransoms regardless of insurance coverage, since paying signals to attackers that the organization is willing to pay and makes it a more attractive future target.
Policy Limits
With a steady stream of attacks targeting businesses across the globe, demand for ransomware insurance coverage has grown. However, the market is in flux as cybersecurity trends trigger shifts for insurers and organizations alike. Insurance carriers are trying to forecast cyber risk more accurately, both to price policies correctly and to ensure they can pay claims when an incident occurs. This has driven premiums up. At the same time, data indicates that companies are becoming more adept at security practices and more resilient to cyber incidents. These positive developments should lower premiums for organizations that have adequate defenses and are willing to commit to prevention measures. The threat landscape continually evolves, and a solid risk management strategy has never been more important. A firm reduces its exposure to ransomware by having a complete set of policies and processes, well-trained personnel and a robust risk assessment.
In addition to implementing these best practices, organizations should have a plan to restore systems and networks after a ransomware attack. This includes maintaining offline, encrypted backups and testing them regularly by actually restoring from them. This step is especially important because some ransomware variants look for reachable backups and encrypt them to render them unusable, so a backup that has never been restore-tested, or that sits on the same network as the systems it protects, may turn out to be worthless when it is needed.
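The restore test described above, as an added Python example that is not part of the original page. It archives a directory, records per-file SHA-256 hashes in a sidecar manifest protected by an HMAC (the key is assumed to be kept offline, away from the hosts being backed up), and verifies a backup by restoring it into a scratch directory and comparing every file against the manifest. The sample files, the key and the in-place "encryption" used to simulate ransomware are constructed for the example; encrypting the archive at rest (for instance with gpg or the backup target's own encryption) is assumed to be handled separately and is not shown.

```python
import hashlib
import hmac
import json
import os
import tarfile
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 so large backups need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def _manifest_mac(files, key):
    """Keyed MAC over the canonical manifest; the key lives only on the offline side."""
    canonical = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def create_backup(src_dir, archive_path, manifest_path, key):
    """Archive src_dir and write a sidecar manifest of per-file hashes plus a MAC."""
    files = {}
    with tarfile.open(archive_path, "w:gz") as tar:
        for root, _dirs, names in os.walk(src_dir):
            for name in sorted(names):
                full = os.path.join(root, name)
                rel = os.path.relpath(full, src_dir).replace(os.sep, "/")
                files[rel] = sha256_file(full)
                tar.add(full, arcname=rel)
    manifest = {"files": files, "mac": _manifest_mac(files, key)}
    with open(manifest_path, "w") as f:
        json.dump(manifest, f)
    return manifest


def verify_backup(archive_path, manifest_path, key):
    """Restore test: extract into a scratch directory and compare every file
    against the signed manifest. Returns (ok, list_of_problems)."""
    problems = []
    with open(manifest_path) as f:
        manifest = json.load(f)
    files = manifest["files"]
    # Reject an edited manifest (or wrong key) first, so an attacker cannot
    # simply rewrite the expected hashes to match a doctored archive.
    if not hmac.compare_digest(_manifest_mac(files, key), manifest["mac"]):
        return False, ["manifest MAC mismatch: manifest altered or wrong key"]
    with tempfile.TemporaryDirectory() as restore_dir:
        try:
            with tarfile.open(archive_path, "r:gz") as tar:
                for m in tar.getmembers():
                    # Refuse path traversal and non-file members before extracting.
                    if not m.isreg() or os.path.isabs(m.name) or ".." in m.name.split("/"):
                        problems.append(f"unsafe or non-regular member: {m.name}")
                        continue
                    if m.name not in files:
                        problems.append(f"member not in manifest: {m.name}")
                        continue
                    tar.extract(m, restore_dir)
        except Exception as exc:  # unreadable archive: re-encrypted, truncated or corrupt
            return False, [f"archive unreadable: {type(exc).__name__}: {exc}"]
        for rel, expected in files.items():
            path = os.path.join(restore_dir, rel)
            if not os.path.isfile(path):
                problems.append(f"missing after restore: {rel}")
            elif sha256_file(path) != expected:
                problems.append(f"hash mismatch after restore: {rel}")
    return not problems, problems


def simulate_ransomware(path):
    """Stand-in for ransomware that finds a backup and encrypts it in place
    (a fixed XOR keystream is enough to make the archive unreadable)."""
    with open(path, "rb") as f:
        data = f.read()
    with open(path, "wb") as f:
        f.write(bytes(b ^ 0x5A for b in data))


def demo():
    """Constructed scenario: back up a small tree, verify it, then show both
    tampering cases being caught. Returns the outcomes as a dict."""
    key = b"constructed-offline-manifest-key"  # assumption: never stored on backed-up hosts
    sample = {"docs/report.txt": "quarterly report (constructed sample)\n",
              "db/dump.sql": "INSERT INTO customers VALUES (1, 'sample');\n"}
    results = {}
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "src")
        for rel, text in sample.items():
            os.makedirs(os.path.dirname(os.path.join(src, rel)), exist_ok=True)
            with open(os.path.join(src, rel), "w") as f:
                f.write(text)
        archive = os.path.join(work, "backup.tar.gz")
        manifest = os.path.join(work, "backup.manifest.json")
        create_backup(src, archive, manifest, key)
        results["clean_ok"], results["clean_problems"] = verify_backup(archive, manifest, key)
        # Case 1: the manifest is edited to match a doctored file.
        edited = os.path.join(work, "edited.manifest.json")
        with open(manifest) as f:
            m = json.load(f)
        m["files"]["docs/report.txt"] = "0" * 64
        with open(edited, "w") as f:
            json.dump(m, f)
        results["edited_ok"], results["edited_problems"] = verify_backup(archive, edited, key)
        # Case 2: the archive itself is encrypted by ransomware.
        simulate_ransomware(archive)
        results["encrypted_ok"], results["encrypted_problems"] = verify_backup(archive, manifest, key)
    return results
```

Running demo() performs the restore test three times: the untouched backup verifies cleanly, the edited manifest is rejected by the MAC check before any extraction happens, and the re-encrypted archive fails to open and is reported as unreadable. A scheduled job that runs this kind of restore test against every backup set, with the manifest key held off the protected network, is what turns "we have backups" into an assurance that can be relied on during an incident.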
Coverage Exclusions
Cyber insurance can help businesses absorb the costs of an attack after it has happened, and ransomware is one of the fastest-growing threats. This means firms need protection from the financial costs of such attacks as well as technical support to recover from them. That is why many cyber insurers offer policies covering ransomware attacks, and such policies are becoming increasingly prevalent in the marketplace. Some include business interruption coverage, which can help pay for revenue lost to operational disruption following a ransomware attack. Others also offer coverage for legal expenses, which can be high in such cases, or for data recovery, which can be critical for restoring encrypted files. Some insurers exclude certain types of cyberattacks from coverage, such as attacks deemed to be "acts of war," so the exclusions should be read as carefully as the coverage. Even so, these policies can be a good investment for many businesses, given the high cost of an unprotected cybercrime incident.
While cyber insurance has historically been available to organizations of all sizes, the burgeoning demand for this type of coverage is driving significant policy changes. As insurers face mounting losses from cyberattacks, they require higher premiums, more stringent security requirements and tighter terms and conditions to remain profitable. In some cases, insurers offer cyber insurance only if companies follow certain cybersecurity best practices, such as backing up all data, deploying reputable endpoint security tooling and training employees on email security.
Coverage Considerations
In addition to assisting with the costs of a ransomware attack, cyber insurance can help improve resilience against such threats. Alongside network security coverage, many policies include privacy liability coverage, which can pay out for a breach of sensitive customer or employee information, including data exposed during a ransomware infection. Pooling insureds with similar risk profiles spreads the potential losses of a serious breach or cyber extortion demand. Cyber insurers can also help businesses boost their resilience against ransomware by driving best practices and awareness within the organization. For example, an insurer may impose strict requirements around ransomware defenses, which pushes firms to invest in the tools and systems needed to protect against this threat.
Insurance can also provide a financial incentive not to pay a ransom demand. This holds even when the demanded amount is far below the total cost of the operational disruption, as has been seen in some recent cases, because business interruption coverage absorbs that larger cost and removes the pressure to pay. Finally, consider the risk management and cybersecurity hygiene practices of any third parties or managed service providers (MSPs) your business relies on for its operations. These should align with your own internal best practices and include separation of duties and least-privilege access, so that no provider holds standing shared access to your sensitive systems and a compromise at the provider does not become a compromise of your environment.