Ransomware attacks are becoming increasingly common, and organizations of all sizes are at risk. Ransomware insurance can help businesses prepare for and respond to such attacks (see Global Cyber Crime, Fraud & Ransomware Survey).
According to a study by Statista, over 500 mn ransomware attacks occurred globally in 2022. These attacks resulted in steep recovery costs of $2 mn on average per attack.
Ransomware is a type of malicious software that utilizes encryption to take control of a user’s or organization’s crucial data and demand a ransom — typically in the form of Bitcoin or other digital currency. It has the potential to spread quickly across networks, databases, and servers without any restriction, rendering entire organizations helpless. In some cases, attackers may steal data before encrypting it and threaten to release this information publicly unless the ransom is paid (see about Ransomware & Reduce Cyber Risk).
When ransomware insurance is combined with other measures such as user education and awareness, data backups, and endpoint security software, it can provide an additional layer of protection in the event of a ransomware attack.
However, companies should still take proactive steps to reduce the risk of a ransomware infection.
Hackers now use “triple extortion” techniques, and ransomware-as-a-service has lowered entry barriers for rogue actors. Small and medium-sized enterprises (SMEs) with little defence capacity have become easy targets for cyber criminals, while digitalisation of industries, including the healthcare and critical infrastructure sectors, has increased vulnerabilities across entire supply chains.
Insurance plays a key role, providing not just for risk transfer but incentivising risk mitigation, supporting monitoring and aiding responses to cyberattacks.
But the cyber protection gap remains large, with premiums amounting to just a fraction of total losses from cyberattacks. Most firms are uninsured or significantly under-insured for cyber risks (see Embedding Cyber Risk in Risk Management).
Proactive risk reduction includes regularly patching vulnerable software and hardware, deploying endpoint security solutions, monitoring suspicious activity, and training users to identify malicious emails and websites (see How Are Growing Cost of Ransomware Attacks Impacts for Insurance). By taking these proactive steps, companies can better prepare themselves for potential attacks and reduce their need for costly insurance coverage.
Why Are Ransomware Attacks Increasing?
Ransomware attacks are becoming increasingly sophisticated due to the widespread availability of powerful computing resources. As such, many attackers have begun using strong encryption algorithms, making it nearly impossible for anyone other than the attacker to decrypt their victims’ files without access to the attacker’s private keys (see New Cyber Risk & Ransomware Trends).
Ransomware is also lucrative for attackers. One successful attack can score them millions of dollars in ransom payments. Payment of ransoms has been made easier and carries less risk for criminals due to the rise and availability of cryptocurrencies like Bitcoin, which facilitate payments between attackers and victims without revealing personal information.
How Does Ransomware Insurance Work?
The purpose of ransomware insurance is to reimburse organizations for lost or stolen data, system downtime, and other expenses associated with a ransomware attack (see about Ransomware Protection).
An organization with ransomware insurance can cover associated costs, such as IT costs to restore systems, hiring experts to help mitigate the attack, legal expenses, and even public relations costs.
When purchasing ransomware insurance, it is essential to know the coverage limits and exclusions. It is also important to ensure the policy covers the costs associated with responding to a breach and helping organizations recover their data.
Analysis of claims data reveals a number of evolving trends:
- Ransom demands continue to increase, though claims severity has started to plateau. The ransomware business model has begun to mature, though attackers are showing no signs of slowing down. The average ransomware demand made against our policyholders increased 20% in the latter half of 2021 and the claims severity increased 10%.
- The frequency of other attack techniques also rose as hackers expanded to new tactics. This heralds an era of omnidirectional threat-equality — cyber threats are ever-present from all angles. While ransomware may be the most newsworthy, no attack vector can be trivialized or ignored.
- Small businesses are disproportionately impacted. As attacks become increasingly automated, it has become easier and more profitable for criminals to target small organizations. Overall claims severity rose 56% for small organizations under $25M in revenue. A dramatic increase in claims frequency, with a 40% increase in ransomware attacks and 54% increase in funds transfer fraud attacks.
- Active Insurance works. We’ve processed more claims across more organizations in the past year than in any other period, and there wasn’t a single organization that we weren’t able to help successfully recover. Through our active protection and response capabilities, we were able to solve 46% of reported incidents at no cost to the policyholder.
Key Benefits of Ransomware Insurance
While ransomware insurance cannot guarantee complete protection against a cyberattack, it can give organizations peace of mind knowing they have taken steps to protect themselves financially should something go wrong (see Ransomware Insurance and Cyber Risk Landscape).
1. Financial protection
Ransomware insurance provides financial protection for businesses in case of a successful ransomware attack since the cost of restoring data and systems is high.
Depending on the policy, an insurer can provide a lump sum payment to help cover the cost of downtime, data recovery, and other expenses associated with the attack. This can be especially helpful for companies that lack the resources to deal with a ransomware attack.
2. Access to expertise
Ransomware insurance policies usually come with access to specialized expertise. Insurers typically provide access to a team of experts who can guide organizations on how to prevent and respond to a ransomware attack. This can include advice on handling negotiations with a ransomware attacker and limiting the damage caused by the attack.
3. Peace of mind
The most important benefit of ransomware insurance is the peace of mind it provides. Businesses that purchase a policy can rest assured that they will have financial protection in case of a ransomware attack. This can help reduce the stress associated with the possibility of a successful attack and allow businesses to focus their efforts on preventing a ransomware incident from occurring in the first place.
4. Legal expense reimbursement
Ransomware insurance can provide legal expense reimbursement to help cover the legal fees associated with a ransomware attack. This can be especially useful for businesses that must report a ransomware attack to law enforcement or regulatory authorities.
5. Coverage for first- and third-party losses
Ransomware insurance can offer coverage for both first-party losses (i.e., losses suffered by the insured) and third-party losses (i.e., losses suffered by other parties, such as customers). This may include business interruption costs, data and system recovery, forensics and legal assistance, and public relations. Depending on the policy, coverage may be available for damage to reputation, cyber extortion costs, and cyber extortion liability.
When shopping for ransomware insurance, reviewing the coverage carefully to ensure it meets your organization’s specific needs is essential. Here are some key points to consider when reviewing ransomware insurance policies:
- Coverage for IT Forensics: It is essential to look for coverage that includes IT forensics, which will help you determine how the ransomware attack occurred and how to best respond.
- Coverage for Business Interruption: Look for coverage that includes business interruption, a critical component of ransomware protection. This will help cover any losses due to downtime or disruption in operations resulting from the attack.
- Coverage for Legal Expenses: Make sure your coverage includes legal costs, which can be high in the event of a ransomware attack. Legal counsel may be needed to navigate the complexities of a ransomware attack and ensure your business is protected.
- Coverage for Data Recovery: Look for coverage that includes data recovery since restoring encrypted data is one of the critical components of successfully recovering from a ransomware attack.
- Coverage for Cyber Extortion: Cyber extortion is a common component of ransomware attacks, and your coverage should include this to help protect you from paying any ransom demands cybercriminals may make.
What Affects the Policy Coverage and Price?
In addition to factors such as the estimated cost of an attack and an organization’s size and cybersecurity infrastructure, other factors can affect the coverage and price of a ransomware insurance policy, including:
- Insurer’s Risk Exposure: The insurer will assess the risk of a ransomware attack occurring by conducting vulnerability scans. The amount of coverage provided will depend on the perceived threat.
- Geographic Region: The geographic area can influence the coverage and price of a policy, as insurance companies may have different premiums in different areas.
- Policyholder’s Claims History: The policyholder’s claims history can have an impact, as insurers may be more willing to provide coverage to policyholders with a history of filing fewer claims.
- Policyholder’s Cybersecurity Posture: The policyholder’s cybersecurity posture, including the strength of their security systems and the measures they have taken to protect their data, will influence the coverage and price of the policy.
The policy price will also depend on the insurer and the coverage limits they offer. Generally, the more comprehensive the coverage, the higher the cost of the policy.