An increasing number of organizations in recent years have purchased cyber insurance policies in an effort to protect against the high cost of recovering from a data breach, including a ransomware attack. Many believe that having such a policy means they no longer have to worry about IT security; after all, the insurance company will clean up the mess if a data breach occurs; otherwise, why have a policy in the first place?
When it comes to cyber insurance, there are a few things to keep in mind before you luxuriate in a carefree work life…
- The terms of the policy – what is covered and what is not covered – vary by insurance company. Insurers keep tightening the language in their policies in an effort to cope with their rising costs.
- When it comes to ransomware, insurance companies are requiring that security measures be in place, such as network firewalls, intrusion detection, and email protection against phishing, as a condition of coverage. If these and other safeguards are not in place at the time of the incident, the insurance company could exercise its right to invalidate the claim.
- A policy's ransomware coverage may or may not extend to downtime or business interruption, the ransom amount, negotiation with attackers, infrastructure replacement, and expert consultation for managing the crisis.
- If the ransomware event is considered to be an act of war, the claim might very well be denied. Some insurance companies have been adding language to policies that explicitly limits or exempts coverage if the attack is war-related.
- Paying ransoms to unknown actors is discouraged by the FBI. While nonpayment might be better for reducing ransomware attacks in the long term, in the short term it limits what insurance companies can do to resolve the issue at hand.
- A recent trend among insurers is to offload the burden of ransomware response to the policy holders. That way, the insurance company can second-guess the victim's decisions that went into dealing with the problem and force a fight about the amount of the claim.
Even with ransomware insurance, it's a good idea to protect your business as if there were no insurance. While insurance money can fund recovery from ransomware to a certain extent, there's no guarantee that encrypted data will be unlocked once the ransom is paid. Plus, the attacker still has a copy of any data that was stolen before encryption and may demand payment again to prevent its release on the Internet or to other gangs of cyber criminals on the dark web.
Finally, even a highly skilled security team may not discover every bit of malware code that an attacker placed on the target IT systems during a breach. The most innovative malware is now capable of covering its tracks to avoid detection and removal. It may even lie dormant for a while and then resurface to wreak havoc again and again.
Ransomware attacks can be prevented by implementing security controls that block the initial phishing attempt or web application compromise. Frequent data backups held in offline storage are also effective in thwarting ransomware, as they can be used to restore all locked files – without paying the ransom and dealing with uncertain outcomes – provided the backups themselves are intact and verified before they are relied upon.
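The offline-backup advice above only holds if the backup can be trusted at restore time: a backup that was silently overwritten or encrypted is worthless. The following Python example, added here and not part of the original article, shows the minimal discipline a practitioner would want: write a SHA-256 manifest when the backup is taken, verify every file against it before restoring, and refuse to restore if anything in the backup no longer matches. The scenario (a small "live" directory, an attack simulated by overwriting and renaming its files, a tampered backup copy) is constructed inside a temporary directory so the script runs offline; all paths and names are assumptions for illustration.

```python
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file under root (relative path) to its SHA-256 digest."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def take_backup(src: Path, dest: Path) -> dict:
    """Copy src into dest/data and record a manifest beside it."""
    shutil.copytree(src, dest / "data")
    manifest = build_manifest(dest / "data")
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_backup(backup: Path) -> list:
    """Return the relative paths that are missing or whose digest no longer matches."""
    manifest = json.loads((backup / "manifest.json").read_text())
    bad = []
    for rel, digest in manifest.items():
        p = backup / "data" / rel
        if not p.is_file() or sha256_file(p) != digest:
            bad.append(rel)
    return bad


def restore(backup: Path, target: Path) -> int:
    """Restore the backup over target only if it verifies clean; return files restored."""
    if verify_backup(backup):
        raise RuntimeError("backup failed integrity check; refusing to restore")
    if target.exists():
        shutil.rmtree(target)
    shutil.copytree(backup / "data", target)
    return sum(1 for p in target.rglob("*") if p.is_file())


def demo() -> dict:
    """Constructed scenario: back up, damage the live copy, restore, then detect a tampered backup."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        live = root / "live"
        (live / "docs").mkdir(parents=True)
        (live / "docs" / "plan.txt").write_text("quarterly plan")   # constructed sample data
        (live / "notes.txt").write_text("meeting notes")            # constructed sample data
        backup = root / "offline_backup"
        backup.mkdir()
        manifest = take_backup(live, backup)

        # Simulate the effect of ransomware on the live copy: contents replaced, files renamed.
        for p in [q for q in live.rglob("*") if q.is_file()]:
            p.write_bytes(os.urandom(32))
            p.rename(p.with_suffix(p.suffix + ".locked"))
        live_after_attack = sorted(build_manifest(live))

        backup_clean = verify_backup(backup) == []
        restored = restore(backup, live)
        restored_ok = build_manifest(live) == manifest

        # Now damage one file inside the backup itself; verification must flag it.
        (backup / "data" / "notes.txt").write_text("changed")
        tampered = verify_backup(backup)

        return {
            "files_in_manifest": len(manifest),
            "live_files_after_attack": live_after_attack,
            "backup_clean": backup_clean,
            "restored": restored,
            "restored_matches_manifest": restored_ok,
            "tampered_detected": tampered,
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest lives next to the data it describes, so anything able to rewrite the backup could also rewrite the manifest; in practice the manifest (or a signed copy of it) should be stored separately from the backup media, and the restore drill should be run on a schedule rather than for the first time during an incident.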
Of course, the best security intervention is to raise the awareness of staff. When employees understand the mechanisms of spam, phishing, spear phishing, malware, ransomware, and social engineering, they can apply this knowledge in their day-to-day jobs.
Nathan Muller is the author of 29 technical books and over 3,000 articles that have appeared in 75 publications worldwide. He also writes articles, blogs and social media content for tech companies and their executives.