Ransomware: The role of cyber insurance in protecting businesses

Ransomware is one of the fastest-growing cyberthreats faced by businesses today. This form of cybercrime can be targeted at companies of any size across any sector, so it’s something firms must make a top priority when defending their systems.
This doesn’t mean just preventing network breaches and data exfiltration. Companies increasingly need protection after they get hacked – both in terms of technological and financial support.
Therefore, cyber insurance policies that cover ransomware are increasingly a must-have for any business. But what does this involve, and why does it matter?

An introduction to ransomware
Ransomware can take several forms, but in its most common guise it involves malware that infiltrates a network and encrypts critical files. These may be business data such as databases, or system files whose encryption renders a device unusable. The hackers then demand payment in order to grant the business access to its data again.
Increasingly, however, ransomware doesn’t end at simply encrypting files. Another growing trend is extortion, where data is also exfiltrated from the network. Hackers then demand further payments to prevent them from publishing sensitive private data online.
Why should firms be focusing on ransomware threats?
Ransomware has become a hugely popular form of cybercrime for hackers as it’s relatively cheap and fast to deploy and offers the potential for large gains. Self-contained kits can be easily found on the dark web, meaning even criminals without advanced hacking skills are able to effectively launch such attacks.
As a result, ransomware is booming. Figures from International Data Corporation suggest that in 2021, more than a third of organizations globally fell victim to a ransomware attack, with the average payment almost a quarter of a million dollars.
The UK’s National Cyber Security Centre, meanwhile, declared in its 2021 Annual Review that ransomware has now become the “most significant cyberthreat” facing the country, due to its potential impact on areas such as critical infrastructure.
Why are ransomware costs increasing?
For businesses, the impact of ransomware can be huge, with the effects extending far beyond individual companies. For instance, consider the case of energy infrastructure firm Colonial Pipeline, which fell victim to a ransomware attack in 2021 that led to long lines at gas stations across the US east coast as the attack disrupted critical infrastructure supplies.
Another growing trend is the rise of secondary tactics such as data exfiltration and extortion. In this ransomware variant, hackers actively steal private data instead of merely encrypting it, then threaten to release it publicly unless further ransoms are paid.
This can be especially harmful for businesses if highly sensitive material such as trade secrets gets exposed. What’s more, the public release of data such as customer financial details not only increases a firm’s risk of facing regulatory action, but can also result in severe reputational damage or class-action lawsuits.
How do these trends relate to cyber insurance?
One traditional response to ransomware is to ensure firms have effective backups in place. This means that should files be encrypted, the business can revert to these backups and continue without losing data or being required to pay up.
However, with the rise of tactics such as extortion and data exfiltration, backups alone are increasingly ineffective: restoring files from a backup does nothing to stop a stolen copy being published. Hackers are well aware of this, and as such are raising their demands, believing that firms will have no choice but to pay up, no matter the cost.
What’s more, with changing work habits such as increased remote working making it easier for criminals to gain access to poorly defended systems, firms are increasingly seeing the need for protection that extends beyond traditional cybersecurity tools. As a result, the demand for ransomware insurance is growing all the time.

What is ransomware insurance and what does it cover?

Cybersecurity insurance has long been an important protection for firms concerned with the threat of data breaches. But policies that offer specific protection against ransomware attacks are becoming increasingly popular.
For instance, one insurer, AIG, reported a 150 percent increase in ransom and extortion claims between 2018 and 2020, with these now being responsible for one in five insurance claims. So what do these policies offer?
How does ransomware insurance work?
This type of insurance essentially allows businesses to claim back the costs associated with these attacks. While many enterprises may see this as a way to recoup the direct financial cost of any ransom they pay, it does not end there.
Ransomware protection is often covered as part of cyber liability insurance, so there is no ‘standard’ policy, with the specifics varying significantly depending on the cyber insurer. However, many insurers are increasingly offering standalone cover that may be especially useful to businesses in industries that may be most at risk of this type of attack.
What is the current role of insurers when a ransomware incident occurs?
As well as helping meet the costs of a ransom demand, a good cyber insurance policy may assist with a range of associated costs.
This often includes business interruption expenses, hiring specialist third-party consultants to negotiate with hackers, controlling reputational damage, digital forensics activities, replacement hardware or data restoration, and increasing the resilience of systems to prevent future ransomware infection.
What are the incentives and disincentives to victims paying ransoms?
Many companies’ main incentive to pay a ransom is to ensure they can get back up and running again. For organizations that may not have extensive backups in place, or run critical services that cannot afford to be offline for any length of time, this can reduce the overall impact of the attack, and may end up costing them far less in the long run compared with the time and investment needed to rebuild systems or compensate customers.
However, there are also many disadvantages of paying a ransom. Firstly, it greatly increases the chances that businesses will be subject to repeat attacks. Indeed, it’s estimated that 80 percent of businesses that pay to regain access to their files are attacked for a second time.
What’s more, even if firms do make a ransom payment, this is no guarantee that they will regain access to their data. On many occasions, decrypted or returned data may be incomplete or corrupted, and will require significant time to organize and verify, while in some cases, hackers may simply take the money and disappear.

What to look for in a ransomware insurance policy

Having insurance coverage that can protect you in the event you are asked to make a ransomware payment is therefore essential for many firms. But this is still a relatively new sector for the industry, so each insurance company may have its own standards for exactly what will be included and what requirements businesses will need to meet to ensure they are fully covered.
How much does cyber insurance cost?
Ransomware insurance premiums have risen significantly in recent years, reflecting the growing threat posed by these attacks. In many cases, costs have risen by around 40 percent as cyber liability insurance providers look to mitigate their own risks as ransomware payments continue to rise. Despite this, such policies may still represent good value for firms when compared with the overall cost of a data breach without protection.
What are the key exclusions of ransomware insurance?
It’s also important to remember that having a data breach insurance policy that covers ransomware does not necessarily mean you can expect to be reimbursed for any ransom payments. In fact, many insurers now place limits on how much they will pay out for such a breach, and in what circumstances.
For instance, many cyber insurance policies won’t cover losses they define as acts of war or cyberterrorism. This can be a wider exception than firms may think, with some insurers classifying the 2017 NotPetya attack under this category, for example. Other exclusions may be made if insurers determine companies failed to follow best practices or maintain standards.
However, different insurers may have their own definitions of what these standards involve, so it’s vital firms study their policies carefully and ensure they are clear on the language they use.
Can cyber insurers help make organizations more secure or resilient against ransomware?
As well as assisting with direct costs, having cyber insurance helps boost the overall resilience of your systems against a ransomware operation in other ways. For starters, as many cyber liability insurance policies have strict requirements for ransomware defenses, this can help drive firms to improve their overall data protection capabilities to ensure any claims are not refused.
Indeed, as insurers require that strong defenses to mitigate cyber risk are in place as a condition of coverage, companies will need to invest in advanced protections to minimize the chances of falling victim in the first place, not simply to aid recovery from an attack.

The importance of comprehensive ransomware protection
While ransomware insurance is an important piece of the puzzle when it comes to protecting yourself from cyberthreats such as extortion, it shouldn’t be something you rely on too heavily. Prevention is always better than cure, so you must have strong defenses in addition to these tools to avoid falling victim in the first place.
What are the limitations of ransomware insurance?
Although it can help with the recovery process should you fall victim to a cybercrime incident, ransomware insurance should be viewed as a last resort rather than a first line of defense.
For instance, consider ransomware protection as analogous to a home insurance policy. While it may compensate you for any direct losses, you are still expected to invest in security systems such as strong locks or burglar alarms, as well as to take basic precautions such as not leaving windows open.
Indeed, just as is the case with other types of insurance, if an investigation determines your business has been negligent, then a provider won’t pay out. What’s more, a growing number of insurers are starting to reconsider offering reimbursements for direct ransom payments amid concerns that this will only encourage businesses to pay up – and in turn, lead to more attacks.
What are the long-term consequences of a ransomware attack?
Even if a ransomware insurance policy does pay out for any direct costs, it is unlikely that this will completely make up for the full losses a business suffers. This is especially true when it comes to less tangible, more long-term expenses.
For instance, the reputational damage that can be inflicted may be severe and long-lasting, with potential customers far less likely to do business with a company that has already proven itself unable to protect sensitive data. This could be compounded by longer-term financial costs such as class-action lawsuits on top of regulatory action, which can take years to resolve and be very costly.
Then there are the expenses associated with rebuilding systems and updating technologies and processes to prevent future breaches, which may include new hardware and the use of expensive external cybersecurity consultants. While insurance may be able to assist with some of these costs, there are many areas it will not cover, so it’s important not to rely too heavily on these policies.
How can you defend yourself against ransomware?
Ransomware security therefore needs to encompass a full range of tools, from intrusion detection and prevention software and internal monitoring through to anti-data exfiltration (ADX) that can help prevent extortion by ensuring criminals are unable to steal data.
In many cases, having such technologies in place will be a prerequisite for any good cyber insurance policy, with diligent providers insisting on a secure foundation before they will agree to cover a business. As such, while insurance is a highly valuable supplement to a strong cybersecurity defense platform, it’s not an answer by itself.
Find out more about how Blackfog ransomware prevention helps keep your business safe or sign up for a free seven-day assessment of our technology.