The Answer to the Ransomware Pandemic

The answer to the ransomware pandemic lies in the hands of those who bear the costs of ransomware attacks: Cyber Underwriters.

Why is Ransomware so Dangerous?   

As soon as it reaches the insured’s endpoint (computers, servers or mobile devices) it can begin executing immediately, encrypting everything before anyone has the chance to stop it.  This ability to cripple a company at such speed is the real danger.  It therefore follows that when ransomware reaches the endpoint it is likely to be game over.

The danger also arises from the severity and frequency of ransomware attacks.  The number and severity of ransomware attacks is rising at a frightening rate, fuelled by the payment of ransom demands, increasingly running into millions of dollars.  Cyber criminals are rushing to cash in on this seemingly endless, highly profitable venture with, apparently, almost no prospect of being caught.

The Weakest Link

Cyber security surveys report time and time again that the main way in for ransomware – indeed all malware – is through successful phishing of employees.  Even with regular phishing awareness and training, humans make mistakes from time to time; whether we want to hear this or not, we are the weakest link in the battle against malware and ransomware threats.

Can Cyber Underwriters Reliably Predict the Likelihood of a Ransomware Attack?

The short answer is “So far, no”.

To understand why this is the case, here are a selection of typical underwriter questions asked in recent times:

• Is company-wide phishing training performed regularly for all employees? This may reduce the risk of ransomware attacks, but it still only takes one employee to click on a bad link or malware-laced attachment and the entire company can be crippled within minutes.
• Do you have adequate backups of key data? Backups are helpful, but increasingly they are being encrypted before the main system and data files, making restoration from a backup impossible without the decryption key.  Even when a backup has sensibly been disconnected from the network and internet, it takes longer to restore the data and systems than many businesses and underwriters have previously assumed.  For larger organisations, this can take weeks and even months depending on the complexity of the systems and availability of sufficient IT staff.  The business interruption losses during such a period are often considerable.
• Do you use intrusion detection systems? Even if the best intrusion detection systems raise alerts within seconds of suspicious activity, it still takes time to investigate, isolate and remediate, during which the ransomware could already have done a great deal of damage.

Despite positive answers to these and many more security-assessment questions, companies of all sizes, many with large IT security budgets, have experienced a huge rise in successful ransomware attacks.  The cyber insurance market has been footing this growing bill and they have had enough.

The Response from the Cyber Insurance Market

Afraid of what appears to be out-of-control losses, there has been a sharp correction in insurance renewal terms to stem losses.  Reports in the press talk of major cyber insurers halving limits, co-insuring ransomware risks with the insured 50:50, considerably higher deductibles and up to 50% increase in premium across the board.

This means that insureds are now getting dangerously low levels of ransomware insurance protection at much higher premiums.  Even then, if the high rate of growth of ransomware attacks continues, these corrective measures may not be sufficient to outrun ransomware losses and further corrective actions will be needed.

What Conclusions can we Draw from this?

There are three conclusions to draw from this:

• Existing cyber security protections – even among those with sizeable IT security budgets – are not capable of reliably preventing ransomware attacks.
• Underwriters need a better way to measure and control ransomware risk if they are again to provide meaningful ransomware coverage for their clients.
• If cyber insurers wish to be viewed by businesses as innovative problem-solvers, we need to grasp the ransomware threat and return to providing clients with full limit ransomware insurance, underwritten properly and with confidence.

How can Cyber Insurers Turn the Tide on the Ransomware Threat?

If clients want to regain full limit ransomware protection as part of their cyber policy, at reasonable prices, they need to look again at the efficacy of ransomware prevention measures that they employ.

And where better to turn than to forward-thinking cyber insurers, who ultimately bear the costs of ransomware attacks.  After all, they have a vested interest in finding reliable, preventative technologies and getting clients to use them.

Cyber insurers, who have done their own research to find preventative ransomware solutions that are reliable, will increasingly demand evidence of their use in return for full limits and lower deductibles at reasonable prices.

Those insurers who have a high degree of confidence in the effectiveness of a particular ransomware prevention technology, and who mandate the use of that technology as a condition of meaningful ransomware coverage, should also be willing to put their money where their mouth is and offer a nil deductible to all clients willing to use that solution.

Written by Graeme King