Ransomware: The role of cyber insurance in protecting businesses

Ransomware cyber insurance

Ransomware is one of the biggest and fastest-growing cyberthreats faced by businesses today. This form of cybercrime can be targeted at companies of any size across any sector, so it’s something firms must make a top priority when defending their systems.

This doesn’t mean just preventing network breaches and data exfiltration. Companies increasingly need protection after they get hacked – both in terms of technological and financial support.

Therefore, cyber insurance policies that cover ransomware are increasingly a must-have for any business. But what does this involve, and why does it matter?

Cyber Insurance

An introduction to ransomware

Ransomware can take several forms, but in its most traditional guise it involves the use of malware that infiltrates a network and encrypts critical files. This may be business information such as databases or critical files that render a device unusable. The hackers then demand payment in order to grant businesses access to their data again. 

Increasingly, however, these cyber attacks don’t end at simply encrypting files. In today’s environment, a more common goal for ransomware is extortion. This involves data exfiltration to remove sensitive information from a network, before hackers then demand further payments to prevent them publishing this stolen material online.

ransomware encryption
ransomware threats

Why should firms be focusing on ransomware threats?

Ransomware has become a hugely popular form of cybercrime for hackers as it’s relatively inexpensive and fast to deploy and offers the potential for large gains. Self-contained kits can be easily found on the dark web, meaning even criminals without advanced hacking skills are able to effectively launch such attacks. 

As a result, ransomware is booming. Figures from Statista, for example, suggest that in 2022, organizations around the world identified almost 500 million cyber attacks that featured ransomware, and the costs of these are also growing. BlackFog’s 2022 State of Ransomware Report revealed that last year, the average ransom payment reached $258,000. However, this is only a small portion of the losses a ransomware victim may experience, not covering issues such as lost business, future mitigation and hardening expenses, hiring security and investigation experts, reputational damage or the cost of regulatory action.

Because of the disruption this type of attack can cause and its potential impact on areas such as critical infrastructure, it is no surprise that agencies such as the UK’s National Cyber Security Centre regard ransomware as the “most significant cyberthreat” facing the country.

Why are ransomware costs increasing?

For businesses, the impact of ransomware can be huge, with the effects extending far beyond individual companies. For instance, consider the case of energy infrastructure firm Colonial Pipeline, which fell victim to a ransomware attack in 2021, leading to long lines at gas stations across the US east coast as the attack disrupted critical infrastructure supplies.

Another growing trend is the rise of secondary tactics such as data exfiltration and extortion. In this type of ransomware attack, hackers

actively steal private data instead of merely encrypting it, then threaten to release it publicly unless more ransoms are paid.

This can be especially harmful for businesses if highly sensitive material such as trade secrets get exposed. What’s more, publicly releasing data such as customer financial details can not only increase a firm’s risk of facing regulatory action, but can result in severely damaged reputations or the potential for class-action lawsuits.

How do these trends relate to cyber insurance?

One traditional response to ransomware is to ensure firms have effective backups in place. This means that should files be encrypted, the business can revert to these backups and continue without losing data or being required to pay up. 

However, with the rise of tactics such as extortion and data exfiltration, this is increasingly becoming ineffective. In fact, many attacks now look to specifically target backup servers in order to neutralize this form of ransomware response, while many others have adopted double extortion tactics, where they threaten to release sensitive data if not paid. 

Hackers that can effectively bypass traditional defenses using these methods are often able to increase their cyber extortion demands.  They believe that firms will have no choice but to pay up, no matter the cost, in order to recover critical data or avoid public exposure.

What’s more, with changing work habits such as increased remote working making it easier for criminals to gain access to poorly-defended systems, firms are increasingly seeing the need for protection that extends beyond traditional cybersecurity tools. As a result, the demand for ransomware insurance is growing all the time.

ransomware extortion

What is ransomware insurance and what does it cover?

extortion claims

Cybersecurity insurance has long been an important protection for firms concerned with the threat of data breaches. But policies that offer specific protection against ransomware attacks are becoming increasingly popular.

For instance, figures from Coalition showed that ransomware-related cyber insurance claims from small firms reached a record high in the first half of 2023, climbing by 27 percent compared with the second half of 2022. 

So what does a cyber policy offer to businesses and how could dedicated ransomware coverage help protect them from cyber criminals?

How does ransomware insurance work?

This type of insurance essentially allows businesses to claim back the costs associated with these attacks. While many enterprises may see this as a way to recoup the direct financial cost of any ransom they pay, it does not end there.

Ransomware protection is often covered as part of cyber liability insurance, so there is no ‘standard’ policy, with the specifics varying significantly depending on the cyber insurer. However, many insurers are increasingly offering standalone cover that may be especially useful to businesses in industries that may be most at risk of this type of attack.

What is the current role of insurers when a ransomware incident occurs?

As well as helping meet the costs of a ransom demand, a good cyber insurance policy may assist with a range of associated costs.

This often includes business interruption expenses, hiring specialist third-party consultants to negotiate with hackers, controlling reputational damage, digital forensics activities, replacement hardware or data restoration, and increasing the resilience of systems to prevent future ransomware infection.

What are the incentives and disincentives to victims paying ransoms?

Many companies’ main incentive to pay a ransom is to ensure they can get back up and running again quickly. For organizations that may not have extensive backups in place, or run critical services that cannot afford to be offline for any length of time, this can reduce the overall impact of the attack, and may end up costing them far less in the long run compared with the time and investment needed to rebuild systems or compensate customers.

However, there are also many disadvantages to paying a ransom. Firstly, it greatly increases the chances that businesses will be subject to repeat attacks. Indeed, it’s estimated that 80 percent of businesses that pay to regain access to their files are attacked for a second time. 

What’s more, even if firms do make a ransom payment, there is no guarantee that they will regain access to their data. On many occasions, decrypted or returned data may be incomplete or corrupted, and will require significant time to organize and verify, while in some cases, hackers may simply take the money and disappear.

ransomware payments

What to look for in a ransomware insurance policy

insurance partner

Having insurance coverage that can protect you in the event you are asked to make a ransomware payment is therefore essential for many firms. But this is still a relatively new sector for the industry, so each insurance company may have its own standards for exactly what will be included and what requirements businesses will need to meet to ensure they are fully covered.

How much does cyber insurance cost?

Ransomware insurance premiums have risen significantly in recent years, which reflects the growing threat posed by these attacks. For instance, one report by ratings firm AM Best noted that premiums collected by the cyber insurance industry reached $7.2 billion in 2022, which was triple the total of three years earlier. While this partly reflects more policyholders turning to these solutions, it also highlighted a 50 percent increase in US premiums in 2022.  Despite this, they may still represent value for firms when compared with the overall cost of a data breach without protection.

cyber insurance cost
insurance exclusions

What are the key exclusions of ransomware insurance?

It’s also important to remember that having a data breach insurance policy that covers ransomware does not necessarily mean you can expect to be reimbursed for any ransom payments. In fact, many insurers now place limits on how much they will pay out for such a breach, and in what circumstances. 

For instance, many cyber insurance policies won’t cover losses they define as acts of war or cyberterrorism. And in today’s turbulent geopolitical landscape, the number of policies with such exclusions is growing. In 2022, for instance, insurance provider market Lloyd’s of London issued a bulletin instructing underwriters to exclude certain types of state-backed attacks from their cyber insurance policies.

What’s more, this can be a wider exception than firms may think, with some insurers classifying the 2017 NotPetya attack as an act of cyberwar, for example. Other exclusions may be made if insurers determine businesses failed to follow best practices or maintain standards to minimize their risk of falling victim to a cyber incident. 

However, different insurance companies may have their own definitions of what these standards involve, so it’s vital firms study their policies carefully and ensure they are clear on the language they use.

Can cyber insurers help make organizations more secure or resilient against ransomware?

As well as assisting with direct costs, having cyber coverage helps boost the overall resiliency of your systems against a ransomware operation in other ways. For starters, as many cyber liability insurance policies have strict requirements for ransomware defenses, this can help drive firms to improve their overall data protection capabilities to ensure any claims are not refused.

Indeed, as insurers require that strong defenses to mitigate cyber risk are in place as a condition of coverage, companies will need to invest in advanced protections to minimize the chances of falling victim in the first place, not simply to aid recovery from an attack.

cyber insurance direct costs

The importance of comprehensive ransomware protection

While ransomware insurance is an important piece of the puzzle when it comes to protecting yourself from cyberthreats such as extortion, it shouldn’t be something you rely on too heavily. Prevention is always better than cure, so you must have strong defenses in addition to these tools to avoid falling victim in the first place.

What are the limitations of ransomware insurance?

Although it can help with the recovery process should you fall victim to a cybercrime incident, ransomware insurance should be viewed as a last resort rather than a first line of defense.

For instance, consider ransomware protection as analogous to a home insurance policy. While it may compensate you for any direct losses, you are still expected to invest in security systems such as strong locks or burglar alarms, as well as remember to take basic precautions such as not leaving windows open.

Indeed, just as is the case with other types of insurance, if an investigation determines your business has been negligent the provider won’t pay out. What’s more, a growing number of players in the insurance industry are starting to reconsider offering reimbursements for direct ransom payments amid concerns that this will only encourage businesses to pay up – and in turn, lead to more attacks.

What are the long-term consequences of a ransomware attack?

Even if a ransomware insurance policy does pay out for any direct costs, it is unlikely that this will completely make up for the full losses a business suffers. This is especially true when it comes to less tangible, more long-term expenses. 

For instance, the reputational damage that can be inflicted by a cyber attack may be severe and long-lasting, with potential customers far less likely to do business with a company that has already proven itself unable to protect sensitive data. This could be compounded by longer-term financial costs such as class-action lawsuits on top of regulatory action, which can take years to resolve and be very costly.

Then there are the expenses associated with rebuilding systems and updating technologies and processes to prevent future breaches, which may include new hardware and the use of expensive external cybersecurity consultants. While insurance may be able to assist with some of these costs, there are many areas it will not cover, so it’s important not to rely too heavily on these policies.

ransomware consequences
ransomware anti data exfiltration

How can you defend yourself against ransomware?

Ransomware security therefore needs to encompass a full range of tools, from intrusion detection and prevention software and internal monitoring through to anti data exfiltration technology (ADX) that can help prevent extortion by ensuring criminals are unable to steal data.

In many cases, having such technologies in place will be a prerequisite for any good cyber insurance policy, with diligent providers insisting on a secure foundation before they will agree to cover a business. As such, while insurance is a highly valuable supplement to a strong cyber security defense platform, it’s not an answer by itself.

Find out more about how BlackFog ransomware prevention helps keep your business safe or sign up for a free seven-day assessment of our technology.