But companies are still ignoring the risks
With ransomware attacks sweeping the world, cyber insurance continues to be big business in 2019.
In fact, ransomware incidents now account for 18% of all cyber claims, according to insurance firm Chubb.
The company explains [non-HTTPS link] that ransomware has represented 40% of cybersecurity insurance claims that came from manufacturing companies during the first nine months of this year – and 23% of those filed by smaller businesses.
Other insurers are seeing similar trends.
“Aon has noted an increase in ransomware frequency and severity, both in terms of downtime and ransom requests, in 2019,” Craig Guiliano, associate director at Aon’s Reinsurance Solutions business, tells The Daily Swig.
“This trend appears to be driven by the re-emergence of the ransomware-as-a-Service (RaaS) model, which significantly lowers the bar for would-be criminals.
“In addition, sophisticated criminal organizations have also shifted some of their focus and resources to ransomware from banking trojans, point of sale theft and data breaches,” Guiliano added.
However, despite the increase in attacks and ease in which they can be conducted, only half of global organizations have cyber insurance, says cybersecurity firm FireEye.
What does cyber insurance cover?
Cyber insurance covers a broad range of losses. For ransomware, this may involve paying out the ransom itself and the costs associated with system recovery and business interruption, as well as reputation management and data protection investigations after the event.
And the cyber liability insurance payouts can be very large indeed, with ransom demands alone now averaging $116,000, according to data from Beazley Breach Response Services.
Earlier this year, Lake City in Florida paid out $500,000 in ransom and Riviera Beach, also in Florida, forked out $600,000 after both were hit by the Ryuk strain of ransomware.
Even when the ransom isn’t paid, the costs can be astonishing.
Earlier this year, for example, Norsk Hydro refused to pay a ransomware demand after it was hit by a worldwide attack. Its quarterly report later revealed that the cost of the clean-up was $75 million – much of which will be covered by insurance.
However, according to Rick McElroy, head of security strategy for security firm Carbon Black, the widespread take-up of cyber risk insurance may be fanning the flames and encouraging more attacks.
“As the number of ransomware attacks continue to rise, more organizations are turning to cyber insurance to pay ransoms,” he tells The Daily Swig. “This can encourage cyber criminals to target even more organizations, creating a vicious cycle.”
He adds: “If criminals determine that a business is willing to pay, they are more likely to target that same business in the future.”
However, says Giuliano, this doesn’t appear to be the case for Aon’s customers.
“Aon has seen no evidence or reviewed any threat intelligence that suggests criminals are targeting businesses with cyber insurance policies,” he says.
“Victims appear to have been targets of opportunity – meaning they have succumbed to social engineering, and/or failed to patch existing vulnerabilities.”
Nonetheless, companies with cyber insurance can’t rest entirely easy.
“If ransomware infection rates continue to increase and/or the market experiences a ransomware or ‘wiperware’ event in the near to mid-term, the cyber insurance market may start to harden and premiums may increase,” Giuliano says.
In fact, though, the largest element of a cyber insurance payout tends not to be the ransom payment itself, but rather the associated clean-up costs.
According to ransomware mitigation specialist Coveware, the average incident lasts a little over 12 days. Even where a ransom is paid, data recovery can be an issue.
Only 98% of victims receive a working decryption tool, which then on average recovers only 94% of data – and in some cases much less.
For the Mr.Dec strain of ransomware, for example, the figure is a mere 30%.
How to protect against ransomware
Clearly, the best strategy is to try and minimize the chances of falling victim to a ransomware attack in the first place.
“As bad actors are continuously changing their attack techniques and increasing the complexity of the ransomware, it's imperative to implement multiple layers of preventative measures to mitigate potential incidents and ensure a reaction plan is in place if an attack occurs,” says Anthony Dolce, vice president and cyber lead of Chubb’s North America Financial Lines Claims.
“By regularly backing up data files and securing those backups offline, properly educating employees, investing in state-of the-art security and antivirus software and purchasing a comprehensive cyber insurance policy, businesses can be better prepared and protected, no matter the threat.”
YOU MIGHT ALSO LIKE Ransomware first responder: ‘The bad guys are getting smarter’