
The widespread use of ransomware by cybercriminals to make vast sums of money is leading to insurance companies considering whether covering ransomware payouts as part of cyber insurance makes economic sense.
Cybercriminals are constantly searching for more reliable methods to make organisations pay the ransom fee once they have encrypted files on the victim’s network, perhaps by targeting and destroying data backups first, or by stealing sensitive information and threatening to release it. Targeting organisations with cyber insurance is also proving to be an effective method as the organisation is more likely to pay – after all, that is the one of the purposes of the policy. In a recent interview with a member of a prominent ransomware gang, the subject of cyber insurance was addressed and the cybercriminals stated that they actively targeted organisations that have cyber insurance policies because it made it more likely that they would pay the ransom fee. They even claimed that insurance companies that offered cyber cover would be targeted in order to gain access to their customer list, and then specifically target those organisations. A successful ransomware attack can net a cybercriminal gang millions of pounds, so it is perfectly logical to assume that they would go to great lengths to increase the likelihood of a successful payout.
If the cybercriminal is to be believed – and logically, it makes sense – then this results in the interesting paradox where having a cyber insurance policy may make you more likely to be targeted by cybercriminals. Both the insurance company and the victim organisation lose out; the insurance company loses whatever ransom fee is negotiated, while the victim organisation is impacted through disruption to their business, remediation costs, potential fines and damage to their reputation. It is therefore reasonable for the insurance companies to begin to look at how they structure and price their cyber insurance policies in order to avoid this situation. A likely scenario is that policies will begin to exclude the ransom fee from the policy wording and focus instead on providing the victim organisation help with incident response, remediation and other costs associated with recovery from an attack. A further option will be for insurance organisations to conduct a rapid due diligence check on any organisation they are insuring to ensure that the company is not highly vulnerable to cyber attacks. This is a service we are now offering at Falanx Cyber in order to aid organisations assess the cyber risk of third-party companies.
Ransomware is a highly effective method to make money for criminal organisations and is therefore likely to remain a threat for many years. At Falanx Cyber we can help in a number of ways: primarily through our Triarii Managed Detection and Response (MDR) service, which is able to detect ransomware activity on a network and prevent it from encrypting files, as well as preventing many methods used to deliver the ransomware to your network. Our penetration testing services will help to identify vulnerabilities that can allow ransomware to be deployed. We also have our incident response service if you believe one of your devices, or your network, has been compromised.
Contact us for more information on how our cyber-security services can help you protect against cyber attacks targeting your organisation.