Role of Ransomware in Cyber Insurance

Fewer than half of firms have policies that cover "critical risks," including ransomware, ransom negotiations and ransom payments.


Ransomware accounts for a staggering 75% of all cyber insurance claims, a significant jump from 55% in 2016. However, new research from Delinea finds that fewer than half of respondents reported having policies that cover "critical risks," including ransomware, ransom negotiations and ransom payments.

The Ransomware Surge and Its Connection to Cyber Insurance 

With ransomware attacks on the rise, and no signs of slowing, cyber insurance companies have had to evolve quickly. Cyber insurance companies have started considering their own risks and exposure and have raised premiums and increased their cybersecurity requirements before granting coverage. Carriers are looking more closely at how well organizations follow security best practices, such as access control, multi-factor authentication (MFA) and the principle of least privilege. 

Some insurance companies have started pulling back and insuring less or putting more limitations on their policies. For example, many cyber insurers may deny claims due to lack of security controls, acts of war or terrorism, not following compliance procedures and even simple human error – if an incident or ransomware attack is caused or worsened by misconfigurations, insurance companies can argue that it could have been prevented and deny incident claims.

It is extremely important to follow cybersecurity best practices and fully understand your cyber insurance policy to ensure you get the coverage you expect in the event of an attack.  

Understanding Your Cyber Insurance Policy 

It is clear that cyber insurance won’t cover all security incident costs. Many insurance companies will not pay ransomware costs or even help cover all of the costs involved. Oftentimes, organizations must accept the consequences of an attack and, even with insurance, will have to cover the costs to get back on track.

According to Delinea's research, insurance companies are least likely to cover lost revenue, regulatory fines, legal fees and ransomware payments. The expenses most often reimbursed by insurance were the costs of data recovery and incident response. As ransomware attacks become more common, insurers will continue to modify their ransomware coverage to reduce the level of protection they offer.

Every insurance policy is different, so it is important to review yours carefully and regularly, so that you know exactly what your cyber insurance will and will not pay for and can confirm that you are meeting the insurer's requirements.


Navigating the Complex Cyber Insurance Landscape 

The evolving landscape of cyber insurance requires careful consideration and preparation, especially when it comes to protecting against prospective ransomware attacks. To secure comprehensive cyber insurance coverage while managing costs, organizations must address the following aspects: 

  1. Security Controls: Organizations should implement robust security controls to reduce exposure to ransomware risks. Identity and access controls, password vaults and MFA are must-haves for any organization seeking insurance. These controls can also help minimize potential insurance payouts. 
  2. Budget Planning: It is important to allocate a budget for purchasing necessary technical solutions and for hiring skilled workers to meet the higher security standards required by insurance providers. 
  3. Risk Assessment: The insurance industry evaluates cyber risk using various models and metrics. Organizations must ensure they understand these metrics and are prepared to demonstrate commitment to cybersecurity risk controls. 
  4. Insurance Checklists: Businesses should look into various cyber insurance checklists to ensure they meet the minimum requirements set by insurers. There are also numerous cyber insurance questionnaires available that help businesses have well-informed responses ready for any question insurance companies may ask. 

Cyber insurance should complement a comprehensive cybersecurity program that includes employee training, robust security protocols, regular vulnerability assessments and well-defined incident response plans. With the cyber insurance landscape rapidly changing, and ransomware continuing to rise, it's important to stay informed about evolving insurance policies and industry best practices.

By taking steps to improve your cybersecurity posture and meet your insurance requirements, you can ensure that your organization is well protected and prepared for any adversaries.

Joseph Carson

Joseph Carson is the chief security scientist and advisory CISO at Delinea.

He has more than 25 years of experience in enterprise security and infrastructure. Carson is an active member of the cybersecurity community and a certified information systems security professional (CISSP). He is also a cybersecurity adviser to several governments, critical infrastructure organizations and the financial and transportation industries, and he speaks at conferences globally.
