Ransomware Insurance: Why it Needs to be Part of a Bigger Solution
With ransomware now a major security risk for businesses of all sizes, and across all sectors, it’s vital that firms take appropriate steps to guard against these threats.
For many, this may involve taking out cybersecurity insurance policies with cover for ransomware incidents. In theory, these can protect businesses from the financial impact of a successful attack and provide peace of mind that, should the worst happen, some level of protection is in place.
However, it’s important that organizations do not rely too heavily on this. While ransomware insurance is often a key piece of the puzzle when it comes to dealing with these attacks, do not let it lull you into a false sense of security, as these policies have many limitations.
What can Ransomware Insurance Cover?
Ransomware insurance may be appealing to many firms as it can offer them a critical financial safety net should they fall victim to either a ‘classic’ ransomware attack that encrypts data, or the increasingly common extortionware tactics that threaten to divulge information or cause further disruption if payments aren’t made.
As well as the direct costs of a ransom, the main advantages of having this type of insurance include help with incident response strategies and longer-term recovery plans. For instance, they may cover the cost of bringing in external consultants to negotiate directly with ransomware hackers or help replace affected hardware.
Seeking out a good ransomware insurance policy can also encourage businesses to do more to safeguard their networks. Many such policies will have stringent requirements about the deployment of cybersecurity technologies as conditions of coverage, such as effective network monitoring and anti data exfiltration tools.
Even if firms’ primary concerns are to recoup any financial losses, being compelled to put such solutions in place can prevent an attack before it has a chance to do any damage.
The Limitations of Ransomware Insurance Policies
Ransomware insurance policies are only one part of a comprehensive strategy for protecting your organization. Just as you would not rely on home insurance alone to protect the contents of your home, it is always more cost-effective to prevent the problem than to rely on insurance after the fact.
With ransomware costs still rising, many insurers are placing ever-tighter restrictions on their policies in order to stem their own losses. This may mean that, if they determine your defenses are inadequate or find negligence among your staff, there’s no guarantee you’ll actually receive full reimbursement for any losses.
Even if your policy does pay out for a ransomware incident, the chances are it will only make up for a small percentage of your overall losses, especially in the longer term.
While direct costs such as consultancy fees, new and upgraded hardware and the ransom itself may be covered, many of the less tangible costs will still be left up to the business to absorb.
For starters, there is the reputational damage that firms will suffer as a result of a data breach, and the resulting loss of business this inevitably leads to. This may especially be the case if personal data was exfiltrated as part of the ransomware attack, which will also trigger compliance costs and regulatory fines.
Trust is vital in today’s environment, with research suggesting a quarter of American consumers will refuse to do business with a firm that has suffered a data breach. This could translate into millions of dollars of lost business in the months and years following an incident, which is unlikely to be covered by insurance policies.
On top of this, there may be a variety of long-term expenses to consider. For instance, large-scale ransomware breaches that expose customer information could lead to class-action lawsuits. This can mean large direct compensation payments, as well as other costs such as credit monitoring tools for affected customers.
A good ransomware insurance policy may be able to help cushion the blow of an incident, but it can only be effective if paired with a comprehensive cybersecurity strategy that focuses on prevention at every stage, from protecting your perimeter to monitoring tools that identify any data exfiltration techniques before they have a chance to succeed.
Modern enterprise networks are more decentralized than ever, making it harder for traditional tools such as firewalls and antivirus software alone to perform effectively.
Not every ransomware incident can be blocked at its point of entry, with zero-day vulnerabilities and social engineering efforts especially hard to guard against. Therefore, you need solutions throughout your system to protect against breaches.
The growth of trends such as remote, mobile and hybrid working means there are often far more touch points where ransomware can gain access. Many of these may be personally owned devices connected via unsecured Wi-Fi. As such, on-device protection is an important consideration.
In addition, anti data exfiltration tools, solutions to guard against malicious insiders and comprehensive incident response tools are all critical aspects of an effective prevention strategy.