Premiums Climb as Ransomware Bites

A ransomware attack can sink a company. The average ransom cost is now $154,108, and the average downtime caused is 21 days.

Ransomware is on the rise and posing significant challenges for the insurance industry. Ransomware attacks soared by 485% last year compared with 2019, according to Bitdefender. Cybercriminals and state-sponsored hackers alike are employing ransomware to line their pockets and cause mayhem. The Colonial Pipeline, the Harris Federation, CNA Financial and Acer are just a few of the high-profile victims so far this year. 

Without proper planning and protection, a ransomware attack can sink a company. The average ransom cost is now $154,108, according to Coveware, and the average downtime caused is 21 days. 

As more and more victims pay up, cybersecurity insurance carriers are changing their products, increasing premiums, and limiting coverage. 

Attackers Targeting Insurance Providers

While cybersecurity policies covering ransomware used to be relatively easy to find and offer generous potential payouts, that’s no longer the case. Ransomware gangs have been doing their homework. They gain access to insurance company client lists and hack into networks to study individual policies for the purpose of uncovering maximum policy limits of targeted companies.

An anonymous spokesperson for the REvil ransomware gang was recently asked about targeting insurers in an interview for The Record, and said, “Yes, this is one of the tastiest morsels. Especially to hack the insurers first—to get their customer base and work in a targeted way from there. And after you go through the list, then hit the insurer themselves.”

Any insurer that responds to this onslaught with a blanket policy of not paying ransoms is soon under siege. Cybercriminals unleash coordinated attacks designed to make examples of these carriers and warn off other insurers that may be considering a similar no-pay policy. Inevitably this has impacted the coverage carriers offer. 

Insurers Building Experience

The silver lining here is that the cyber insurance industry has a vested interest in keeping costs, risk and recovery time down. To that end, insurers engage the very best incident responders with a proven track record. For a victim seeking a ransomware recovery specialist, a cybersecurity carrier might be the fastest and easiest route to the top talent. 

As insurers build a knowledge base and deal with the aftermath of more and more ransomware incidents, they are also gaining a deeper understanding of how to guard against such attacks. 

Organizations seeking consultation on what they might do to prevent ransomware infiltrating their networks, how to cope during an attack, and the fastest path to recovery can get solid advice from carriers. But all this experience comes at a price.

See also: 6 Cybersecurity Threats for Insurers

More Stringent Requirements and Fewer Options 

Any organization shopping for cyber insurance will find the market very different than it was just a few years ago. Many carriers are now refusing to insure for ransomware and those that do require solid proof that strong security controls are in place before they will issue any policy. Coverage scope and optional add-ons have been drastically reduced across the board, but particularly in industries with high exposure and susceptibility.

Even with every box ticked, the amounts that insurers are offering now are relatively limited. Premiums in general are higher, but for organizations considered to be high-risk with large limit requirements, policies may be prohibitively expensive. It’s important to remember that even with the climbing costs, cybersecurity insurance will still be cheaper than a breach for most organizations. A third-party assessment and strict requirement for strong controls can also prove invaluable in strengthening your security posture.

No Substitute for Proper Cybersecurity Planning

Ultimately, cybersecurity insurance is a complementary product that can help reduce business risk. It’s crucial to take appropriate steps to guard against ransomware and to fully plan and practice how to deal with an incident. Consider that the most likely way for ransomware to break in is through social engineering. Train your staff to spot phishing attacks and build response plans to investigate and deal with them.

Other smart protective actions include a regular patching procedure to ensure software is kept up to date, a comprehensive asset list that gives you a complete picture of company hardware, and properly protected off-site backups from a variety of points in time. Craft incident response and recovery plans to clearly delineate correct procedures and responsibilities and then test them in a mock attack to ensure you’re ready for the real thing.

If you are operating without coverage or your policy is coming up for renewal soon, make sure you dig into the details and fully assess your options. You may find that the budget you have allocated based on previous policies is no longer suitable. Just remember, the stronger your defenses are, the easier and cheaper it will be to secure a cybersecurity insurance policy that gives you the cover you need.

Stu Sjouwerman

Profile picture for user StuSjouwerman

Stu Sjouwerman

Stu Sjouwerman is founder and CEO of KnowBe4, [NASDAQ: KNBE] developer of security awareness training and simulated phishing platforms, with over 37,000 customers and more than 25 million users. KnowBe4 also offers a KCM GRC platform that provides ready-made templates for quick compliance evaluations and reporting.

Read More