Ransomware and Cyber Insurance
Ransomware attacks are increasing in sophistication, frequency, and severity. The number of ransomware attacks worldwide has risen each year for the past few years, with growth peaking at 68.5 percent in 2021. The severity of incidents has also been increasing: the Ponemon Institute reports that the average cost of a ransomware attack is $4.62 million, more than the average cost of a data breach. That figure includes escalation, notification, lost business, and response costs, but not the ransom itself.
It’s no wonder, then, that we’re seeing a rise in the popularity of cybersecurity insurance. Cyber insurance is designed to protect organizations against the fallout of cyberattacks, such as ransomware, by covering the financial costs of the ransom itself or the ensuing cost of remediation. The financial impact of a ransomware attack is multifaceted and goes well beyond ransom payment. Business interruption, revenue loss, potential exposure of sensitive data and related third-party liability, forensics and restoration expertise, breach coaching, and ransomware negotiations can all be covered in a cyber insurance policy.
Cyber Insurance May Be Doing More Harm than Good
Because most cyber insurance providers cover both the cost of the ransom payment itself (or at least some of it) and recovery from a ransomware attack, insurance is undoubtedly an attractive idea for organizations that want to protect themselves from the rising threat of ransomware.
However, rather than helping organizations bounce back after a cyberattack, cyber insurance policies may actually be making them more susceptible to a ransomware attack in the first place. There is widespread concern that cyber insurance encourages organizations to simply pay the ransom demand, since the insurer will cover it, rather than invest in security controls adequate to deter attackers in the first place.
Also, ransomware criminals have become efficient and ruthless professionals. They typically hack the insurers first to obtain their customer lists, then work in a targeted way from there, attacking organizations that hold cyber insurance coverage. Cybercriminals believe this is the surest way to profit from a ransomware campaign: it is usually far cheaper and quicker for an insurance company to fund a ransom payment than to help a victim restore its data from scratch or to cover losses from business interruption.
Proactive Defense is Crucial to Protect Against Ransomware
Ultimately, the full cost of a cyberattack is rarely something that can be covered by any degree of insurance. Most organizations that experience a data breach also end up with severely damaged reputations, which no insurance policy can remedy. So while cyber insurance can be valuable as a financial hedge, it should be considered only one part of a company's overall security strategy. Instead of relying solely on cyber insurance, organizations that want to avoid a ransomware attack should adopt a proactive approach that minimizes their attack surface.
Here are a few tips to avoid ransomware and mitigate the damage:
- Back up your company’s data regularly: The main objective of ransomware attacks is for attackers to take your data and lock you out of your systems. Ensure you create offline backups that are kept separate from your network and systems, in a different location (ideally offsite) or a cloud service designed for this purpose, as ransomware actively targets backups. While this won’t protect you from being the target of a ransomware attack, the fallout won’t be nearly as devastating if you’re ever attacked.
- Strengthen patch management: Consistently monitor for vulnerabilities and regularly update systems with the appropriate security patches to ensure threat actors can’t take advantage of known flaws to gain access to your networks and distribute ransomware. Audit patching processes and implement technologies and policies that can make them more effective.
- Use the principle of least privilege: Employees should never have more access to data than they truly need. Segmenting your network and restricting access provides a kind of quarantine effect, minimizing the impact of a potential attack and limiting the paths an attacker can use to reach other systems.
- Have an incident response plan: The best way to stop a cyberattack from turning into a full breach is to prepare in advance. You must respond quickly and follow a structured, systematic approach to the recovery process. Organizations that fall victim to an attack often realize they could have avoided significant financial loss and business disruption if they had an incident response plan in place.
- Don’t pay the ransom: Restoring compromised systems can be a long and costly process, but you can’t trust cybercriminals to keep their promises. Paying the ransom guarantees neither that you’ll get your files back nor that your stolen data won’t be published.
- Train your employees: Provide continuous security awareness training to ensure your employees follow cybersecurity best practices and help them detect and react to the latest phishing techniques.
Alvarez Technology Group can help improve your company’s cybersecurity posture and help protect you from cyberattacks. Contact us today for more information on our IT services.