Ransomware attacks and the significant financial threat they pose to organizations have contributed to a growing interest in cyber insurance policies. After all, such policies have traditionally promised to cover everything from ransom payments to incident response and the public relations work needed after an attack damages a company's image.
Ironically, ransomware attacks have intensified so much this year in number, payment size, and complexity that the cyber insurance market is changing rapidly. Premiums are going up, coverage is shrinking, and the security requirements for obtaining a policy are tightening.
The tandem race between ransomware and cyber insurance as we knew it seems to be a thing of the past. So how do organizations maintain business continuity in the evolving threat landscape without that safety net?
Leverage the paradigm shift
Cyber insurance has always been a debatable tool for mitigating ransomware risk. Some have argued that cyber insurance has contributed to the surge in ransomware attacks because it makes it easier for companies to pay the ransom, and paying the ransom funds the cybercriminal's business model, fueling the vicious ransomware cycle.
Unfortunately, cyber insurance has created a false sense of security for many organizations, resulting in subpar cybersecurity efforts. Most successful ransomware attacks today happen because organizations fail to cover the basics of cybersecurity, such as patching and following best practices. Cyber insurance was never meant to be a stand-alone tool in the cyber risk management toolbox. It was meant as a last resort for surviving an attack that threatens the business's existence.
Cyber insurers have read the writing on the wall after massive losses from the ransomware surge. You don't get a policy in today's market unless you have appropriate backup and replication solutions, a SIEM, security policies, patch management procedures, and so on. Even for organizations that qualify, insurers are reducing limits, raising rates by up to 300 percent, and in some cases requiring policyholders to cover half of any ransom themselves.
You should use the current cyber insurance paradigm shift as an occasion to conduct a thorough risk assessment of your security posture, so that your organization can choose appropriate security controls and stay ahead of the curve.
Data recovery is no longer enough
Until recently, a solid data recovery solution was perceived as the best practice for protecting against ransomware. It allowed you to ignore the ransom demand and restore data from backups instead. However, cybercriminals have since added new tactics to the original encryption playbook. Today, they exfiltrate the data before encrypting it and threaten to leak or sell it if their victims don't pay up. The number of victims of this practice rose by a staggering 935 percent in the last year.
Double extortion opens up a range of consequences that data recovery solutions cannot solve, including business-critical information landing in the hands of competitors, repeated re-extortion with the same data, and loss of stakeholders' trust. You're not only gambling with your own organizational data; you're gambling with that of your customers, partners, and employees.
You need to be proactive instead of reactive. You need to know what's going on in your environment, and you need to stop the cybercriminals before they get the chance to deploy their attack. Your best option is not (only) to secure the perimeter with basic security measures. Breaches are inevitable, so you need visibility into your environment to detect the suspicious activity that indicates one, such as unusual volumes of data leaving the network or files being rewritten en masse, and to react in time before a small problem becomes an enormous one.