Cyber insurance provides coverage when hackers demand ransom. Is your business covered in case of cyber extortion or a ransomware attack?
Cyber extortion and ransomware attacks are on the rise, with even large organizations and entities falling victim. Hackers will gain access to a system, hijack it and take control, encrypt all data and lock down the system, and effectively paralyze the victim. It can happen to anyone, but governmental entities and smaller businesses are more frequent targets because they have fewer resources and less sophistication to block an attack. The hackers then demand ransom to release the system.
Fortunately, any well-written cyber insurance policy will cover these types of attacks, as well as ransom or payments made to restore the system. Attackers and their tactics vary greatly, but cyber experts report that there also seems to be honor among thieves: once payment has been made, they do actually release their hold on the system and data and allow it to be restored. They’re in it for the money, and if they gain a reputation for not releasing their hold on a victim’s system after they are paid, future victims will be less likely to pay. Reportedly, though, they are likely to install a concealed back door in the victim’s system, making it possible for them to regain access in the future.
The debate is about the wisdom of actually paying the ransom. Victims may be able to make repairs on their own, restore data from uncorrupted backups, and generally find a way to get back to normal without paying ransom. Should this be done even if it takes more time and costs more? Is it better to deny ransom to attackers, lessening the incentive for them to continue such attacks?
Insurance companies are usually more practical than philosophical about this. If their cyber policy, like most, covers ransom and/or the cost of restoration, then which costs less? The hackers will ask for a ransom that will be painful, but won’t approach the cost of restoration. When a claims adjuster looks at the options and sees a ransom payment or a much more expensive restoration claim, the choice is obvious.
Some observers say that this approach by insurance company claims adjusters is fueling the rise in ransomware attacks. And if insurers adopt this approach, and ransomware attacks increase, the insurers will sell more cyber policies, and get more premium.
In most cases, ransom is the quickest and most convenient way to restore business as usual. Claims adjusters have the right to settle a claim for the lowest cost they can. The policyholder is only obligated for the amount of the policy deductible, which is most likely the same however the claim settles.
If you do pay ransom, insist that the insurance company also cover the cost of a full system audit after your system is restored. Remember those back doors; you don’t want to leave one open.