Many businesses have some form of cyber insurance as a precaution in case of a data breach or other cyberattack. In some cases, ransomware attacks are also covered by that insurance. If you have ransomware coverage, you might think that your ransomware woes are behind you. After all, isn’t that the point of having insurance?
But what does having ransomware insurance really mean? Here are some things to keep in mind:
In the past, insurers tended to take over the ransomware response for their customers. Insurers paid out very quickly to minimize the ransomware and downtime losses and managed the response for their customers, including deciding whether to pay a ransom or not and even hiring ransomware negotiators. In recent months, the trend has become more adversarial: insurers have been more likely to let the customer deal with the ransomware incident and to dispute the decisions made or the coverage given. This means that you, as the customer, could have the burden of the ransomware response and a fight with your insurance company, even if your insurance initially pays out.
There is no standard ransomware insurance policy. The terms of the policy, what it covers, and what it doesn’t cover can vary widely. Insurers are changing the language of contracts as they attempt to limit their rising costs by limiting what is covered.
The amount covered in a ransomware attack may be far less than the actual cost of that attack. Your policy may or may not cover downtime or business interruption, the ransom amount, negotiation with attackers, infrastructure replacement, and expert consultation for managing the ransomware crisis.
Insurance companies are increasingly requiring security measures such as network protection or email protection from phishing as a condition of ransomware coverage. If you don’t follow these and other conditions to the letter, your insurance company might deny coverage.
Paying ransoms to unknown actors, possibly operating in sanctioned countries, is a grey area — it is technically against U.S. law according to a recent advisory from the U.S. Dept. of the Treasury. The European Union and the UK have issued similar guidance. This might be better for reducing ransomware attacks overall, but it limits what the insurance companies can do to resolve a ransomware issue for insured companies in the short term.
If the ransomware event is judged to be an act of war — a very possible scenario in 2022 — you might not have coverage. Some insurance companies have been adding language to contracts to specifically limit cyberwarfare coverage due to a recent legal challenge.
Recent attack trends
Most importantly, the actual ransom can be one of the least damaging aspects of a large-scale ransomware attack. In over 77% of recent ransomware attacks, data was stolen during the attack, and then the victim was asked for even more money to buy back their data or it would be posted on the internet or sold to the highest bidder. In some cases, the stolen data contains sensitive information about customers or partners, damaging the organization’s reputation and relationships. Under regulations such as GDPR, you could also be heavily fined for allowing a data breach.
What does all this mean?
Even if you have ransomware insurance, you should protect your business as though you had no insurance. Insurance money can fund your recovery from ransomware to a certain extent, but you’re never going to get back stolen data. Even if you “buy back” your stolen data, the attacker still has it and may demand payment from time to time to prevent its release.
In addition, it can be hard to find every bit of malware that an attacker may have placed during a breach. Many companies find that they are attacked many times within a year, sometimes even by the same attackers.
How to protect yourself
Centrality has the most comprehensive ransomware protection portfolio available. We can help you prevent a successful ransomware attack by blocking the initial phishing attempt or a web application breach, as well as securely backing up your data so you have data for recovery purposes.
Centrality can help you go through your environment to secure any ransomware vulnerability points so you can feel secure in the fight against ransomware. Contact us at 502.267.2552 to learn more.