Is ransomware insurance detrimental to cybersecurity?

94% of the time, when a ransom is paid to get the data back, the money comes from an insurance company. Is this a solution?

Ransomware attacks and insurance payments: the key figures

According to a recent survey by Fortinet, ransomware attacks went up nearly 11-fold between July 2020 and June 2021. 72% of respondents said they have a cyber ransom insurance policy in place, and 49% stated they would pay a ransom outright. The average ransom paid by mid-sized organizations was $170,000.

In a typical ransomware attack, malicious hackers encrypt data until a ransom has been paid. For those that have ransomware insurance, the insurance company often pays the ransom and compensation for business downtime and data recovery. A recent report found that for those organizations that have insurance against ransomware, 94% of the time, when the ransom is paid to get the data back, it is the insurance company that pays.

Are cyber-insurance payouts adding to the ransomware issue?

There is an argument that insurance companies that pay the ransom on behalf of ransomware victims are actually making the attack safer for cybercriminals, who then adapt their tactics to speed up the process and can be fairly sure of obtaining a return on their investment. The malicious actors behind Maze and DoppelPaymer, for example, have threatened hacked enterprises with the publication of their stolen data on a data leak site as part of their extortion plans, and have suggested that victims contact their insurance companies as a matter of urgency.

Given that the average bill for remediating a ransomware attack, including downtime, lost business, and the cost of the ransom itself, is estimated to be around $1.85 million, paying the ransom is often seen as the only option short of watching the business suffer.

Coalition, one of the largest cyber insurance providers in North America, reports that it processed more claims across more organizations in the first half of 2021 than in any other period. Ransomware ranks highest, with the average ransom demand made to a Coalition policyholder now sitting at $1.2 million. It says that the average payout has decreased slightly thanks to Coalition's efforts in negotiating ransoms on behalf of policyholders.

The cyber insurance landscape is getting harsher

However, what looks like a vicious circle between the attacker, the victim, and the insurance company may be about to be broken. As the severity and frequency of ransomware attacks skyrocket, so does the cost of premiums. As a result, the cyber insurance market will continue to harden.

Coalition, like many insurers, believes it will become harder for enterprises to qualify for cyber insurance, and that the deployment of a cybersecurity strategy and controls will be required as a condition of coverage. Coalition goes as far as predicting that many insurance carriers will also begin to require companies to address identified vulnerabilities during the policy period or risk losing part or all of their coverage.

Time to shore up defenses

The fact that insurance companies are becoming more vigilant and looking to enforce minimum levels of security is a welcome move.

Too many companies, for example, rely on remote-access tools that are not properly secured, and lack both adequate backups and the know-how to restore them. In its recent report, Coalition claimed that the share of applicants that had insecure remote access enabled when they applied for insurance went up nearly 50% between the first half of 2020 and the first half of 2021.[5]

Protective steps to take:

  • Presume you will be hit by ransomware and shore up your defenses accordingly. Backups are the number one priority for restoring data.
  • Malicious actors look for vulnerabilities and gaps in privileges. Take a proactive, layered approach to block them at as many points across the infrastructure as possible.
  • As simple as it may seem, security awareness training is one of the key actions that can help employees quickly identify malicious links that download ransomware.
  • Make sure systems are regularly updated and security solutions adequately configured.
  • Security testing should be done on new applications, and penetration testing completed at least annually.
  • Any new project should be thoroughly checked for security flaws.
  • It is also vital to keep up to date on current ransomware threats, so you know what to look out for.

Advanced security awareness

Cybercriminals like ransomware because it is easy to trigger and can result in significant payments. They are undoubtedly taking advantage of the fact that insurance companies pay out on ransoms by making larger demands.

Once an enterprise has paid a ransom, it is seen as an easy target. Enterprises are frequently held to ransom with repeated demands, or are sent decryption keys that either do half the job or don't work at all.

Whether or not you choose to be supported by an insurance company, the fact remains that a good knowledge of your actual security posture is paramount. This includes maintaining your security level (audits, pentests), good segmentation of your network, regular backups, a solid IAM policy, and sufficient training of your employees. These remain the most effective protection against a ransomware attack and keep the damage to a minimum.

Learn more

Do you want to learn more about beating ransomware? Discover our comprehensive guide on tackling ransomware. The purpose of this report is to provide technical guidance to CISOs and security managers concerned with the threat of cyber extortion. 
