Cyber security is one of the most pressing concerns for organizations around the world. In particular, companies are looking to protect their business from the increasing threat posed by the rising occurance of ransomware attacks.
Cyber ransom insurance is designed to protect your business in the event of a ransomware attack. Although ransomware coverage has been traditionally included to a certain degree within standard cyber insurance policies, stand-alone cyber policies that cover ransomware are becoming more necessary.
Ransomware Quick Facts
- Ransomware attacks have increased on a global scale by 350% since 2018.
- Ransomware kits cost as little as 183 AED (50 USD) on the dark web.
- Trends indicate that a business will be attacked by ransomware every 11 seconds in 2021.
- The average ransom demand in 2020 was 653,794 AED (178,000 USD).
- According to a study by security firm Sophos, 51 percent of all surveyed businesses were hit by ransomware in 2020.
The Growing Threat of Ransomware
Ransomware is a type of malicious software that cyber criminals use to encrypt or block access to all of your data. Once the ransomware has infected your computer or database, it will ask you to pay a ransom in exchange for unlocking or decrypting your data. This increasingly common threat is forcing many companies to go out of business due, including many SMEs in the UAE.
Previously, the threat of ransomware was typically limited to a single workstation or laptop. However, the new trends involve sophisticated intrusions where attackers take complete control of an entire enterprise network to ensure all end-user devices, servers, and backup solutions are entirely encrypted. Once they have control of a full network, attackers steal sensitive data in the hours or days leading up to the ransomware encryption event. This stolen data is leveraged in ransom negotiations and as a secondary extortion demand if you successfully restore from offline backups.
If an organization fails to pay the ransom demands, the attackers will threaten to post stolen data publicly to make an example out of you for their next victim). A growing trend is to conduct a denial of service attack (take down your internet presence, like email or website) if you don’t pay. To increase pressure, cyber attackers have started to call board members, customers, and suppliers. Additionally, they may take out Facebook ads to further threaten their victims into paying ransomware feed.
Cyber Ransom and SMEs
SMEs are among the biggest targets and biggest risks for ransomware attacks (due to their lack of security, only “online” backups, lack of insurance, and the ability for ransomware to create the most impact). For example, a manufacturing plant with poor security and limited insurance might lose all of its customer records, have to stop production, or be forced out of business if they failed to pay an 800k AED ransom fee.
In the event that the company would pay the ransom associated with their data breach, there is typically a delay to get cryptocurrency and negotiate the payment. Not to mention running the decryptor might fail or take time. Cyber ransom insurance professionals leverage their industry knowledge and expertise to handle these details for you to ensure your business experiences limited downtime and exposure.
You can find out more by reading our article on what ransomware is.
Does All Cyber Insurance Cover Ransomware?
Cyber insurance generally covers your business’ liability for a data breach involving sensitive customer information, such as credit card numbers, medical/health records, license numbers, and account numbers (etc.). However, these policies typically do not include ransomware coverage.
An extension and add-on to your general cyber insurance policy, ransomware insurance takes your coverage one step further by paying the ransom associated with a ransomware attack.
Who Needs Cyber Ransom Insurance?
Given the growing digital dependency of businesses on data and cyber activities, any business that runs any portion of their business digitally should invest in ransomware insurance. Typically, general liability insurance or professional liability contain basic cyber liability coverage. However, businesses that store personally identifiable information (PII) for employees or customers should invest in a stand-alone or enhanced cyber ransom insurance coverage.
- Any company that sends or receives wire transfers.
- Any company that stores personal data, such as credit card numbers.
- Any company that stores critical information on a computer.
Should I Pay Cyber Ransom?
The question is not whether or not your company should pay a ransom to regain access to their blocked data but rather can your company afford to pay the ransom? Over the past five years, the average ransom demand has shot up from $15,000 to $175,000 – an almost twelve-fold increase. Furthermore, public data indicates ransom demands exceeded the $1 million threshold in 2018, the $3 million threshold in 2019, and they crossed the $50 million threshold in 2020.
Ransomware insurance is designed to save your company the costs associated with paying a ransom associated with cyber attacks.
How to Recover From a Ransomware Attack?
Even under the best circumstances, when a company pays their ransom demand to gain access to the key to decrypt their data, it may only accelerate data recovery. Once the ransom is paid, you should expect delayed repructionas, to include service and communication interruptions and reputational harm. After a ransomware attack it’s essential to conduct an in-depth investigation to identify the root cause of the ransomware attack to remediate it, so it does not happen again. Ransomware insurance can help pay for the inevitable costs of a breach after it occurs.
How Much Does Cyber Ransom Insurance Cost?
The cost of your ransomware insurance policy can vary based on a number of factors, including:
- Type of business you have
- Deductible and limits of coverage
- Size of your business
- Security of your business environment
Rather than paying a large lump sum, cyber ransom insurance allows you to pay a manageable monthly, quarterly, or annual premium to ensure cyber ransoms are covered in the event of a cyber attack.
Protection For Your Business Against Virtual Threats
Understanding how cyber ransom insurance coverage can assist your business in the event of a cyber-attack not only protects your financial interests but also saves valuable time in regaining access to blocked data. At Petra, our team of insurance professionals is here to help you determine how much ransomware insurance your business requires to ensure you are fully protected from cybercriminals.