Advanced phishing

Will insurance firms stop paying out for ransomware attacks?

by Egress
Published on 28th Jul 2021

Businesses have two choices when ransomware strikes: pay the ransom and regain access to their data, or undergo the agonising process of rebuilding their IT systems from scratch. As ransomware attacks have increased, so have the amount of businesses looking to cover any potential costs with cyber insurance.

However, insurance companies are being forced to rethink their policies. Ransomware is becoming more successful, and we’re now seeing a situation where some businesses are actually relying on their insurance paying out over properly securing themselves against ransomware in the first place.

Why are insurance companies worried?

According to blockchain research firm Chainalysis, ransom payments from companies increased 341% to a total of $412m during 2020. Colonial Pipelines were the recent victims of a major ransomware attack, paying hackers roughly $4.3m. Of that sum, they confirmed to Congress that they were able to claim back more than $2m.

On top of dealing with more (and larger) pay-outs, insurance companies offering cyber insurance have found themselves to be major targets for cybercriminals. This is due to the wealth of information they have around clients, such as:

  • Who has cyber insurance (and might therefore be more willing to pay a ransom)
  • How much businesses are insured for, so they can set ransoms just beneath the maximum limits
  • What existing defences businesses have in place

The knock-on effect is the insurance industry has been forced to reconsider how much coverage they can afford to offer to customers, and which additional precautions to take when accepting new clients.

How are insurance firms adapting?

As more businesses realise the threat of ransomware and turn to cyber insurance for protection, insurance companies are raising premiums in response. On average, insurance premiums are going up between 10 and 30%, even reaching as high as 50% increases.

Insurance firms are also paying close attention to the existing security of potential customers. There is zero appetite to take on customers knowingly leaving themselves wide open to ransomware attacks. For example, they might choose to reject a client who has weak inbound email security or doesn’t make users verify themselves through multi-factor authentication (MFA).

In May of this year, French insurance giant AXA reported that it would stop paying our ransomware payments in France. This was in response to French officials raising concerns that paying out was encouraging further crime. It’s becoming clear that cyber insurance is not going to be a golden bullet for businesses looking to protect themselves against ransomware.

What alternative do businesses have?

If businesses want to take out policies against ransomware, they’ll need to prove their cybersecurity measures are up to scratch. As after all, insurance should be just that – a safety net against the worst happening. Even taking insurance out of the equation for a moment, it’s incredibly risky to leave your systems open to ransomware.

Thankfully, the technology does exist to greatly reduce the chances of a worst-case scenario. The best place to start is by stopping ransomware entering your business in the first place, and breaking the kill chain before it gets to the point of being downloaded and locking down your system. Over 90% of ransomware is delivered via email phishing, so having an intelligent anti-phishing solution such as Egress Defend is paramount.

Defend uses machine learning and natural language processing capabilities to analyse not only the content of emails, but the context too. That means it can catch the increasingly sophisticated ways in which cybercriminals are slipping ransomware attacks through traditional security defences.

Businesses that take proactive measures against attacks are far less likely to be breached – and far more likely to be insured in the event that disaster did strike.

Learn more about Egress Defend here, or if you prefer, we can have a chat about setting your organisation up with a no-strings-attached demo. You might be surprised what you catch.