Ransomware: As if COVID Isn’t Difficult Enough

Now that many businesses are starting to slowly return to normal, there are other challenges to face. Instances of ransomware greatly increased throughout COVID-19, and it’s easy to see why. With more people working from home and more industries cutting back, there were fewer people at the infrastructure and security wheel. Ransomware attacks can be devastating for businesses, but they don’t have to be. Let’s take a look.

What is Ransomware and Why Is It Increasing?

Ransomware is a special type of malicious program that gets into a user’s system and encrypts their data. It can strike an entire network or a single high-level individual, or anything in between. Once the data is encrypted, it can’t be accessed by the original company. The ransomer then asks for a ransom in return for the data; otherwise it will be lost forever.

Many companies rely on their data. Without their data, they don’t know who owes them, how much they owe, and other daily, necessary information. They may not even have access to their own confidential IP.

Further, ransomware occurs when a system breach has happened. It’s difficult to say whether the ransomer themselves has accessed the information, which means it has to be treated as a system breach.

Ransomware was already increasing in frequency and severity when COVID hit. But after COVID, security measures became particularly lax, and ransomware ran rampant. Additionally, the proliferation and accessibility of cryptocurrency has made it easier for ransoms to be completed without being traced.

How Have Insurance Companies Reacted to Ransomware?

Understandably, the dangers of the digital realm are still being explored. Many cyber insurance carriers have tightened underwriting requirements, attached higher premiums, or reduced limits when it comes to these types of digital risks.

In fact, companies shouldn’t assume that they are protected from ransomware up to their cyber policy limit.  Ransomware coverage can have a sublimit that is lower than the standard 1st party coverage on the Cyber policy.  There may be additional requirements or stipulations when it comes to losses due to digital security flaws.

Business disruption insurance has become critical for companies that rely upon their data. Not just because of ransomware, but because of other forms of malicious attack. Make sure to double check that your Cyber policy includes business interruption coverage.  Cyber policies often have the capability of adding ransomware and business interruption coverage but they may not be part of the base offering from an insurance company. 

What Are the “Next Steps” In an Attack?

Surprisingly, many people do pay the ransom. If they cannot recover their data any other way, it can be necessary. But it’s extremely expensive. Often, they need to pay by file. And because the money is usually transferred in an untraceable way through cryptocurrency, there’s no guarantee that paying the ransom will do anything at all.  However, these cyber criminals are running a business too, and if they don’t live up to their end of the bargain, it is unlikely future victims will pay so there is incentive to return the data.  Some cyber criminals even maintain a Net Promoter Score (NPS) to assure companies that they will return their data if payment is made.   

If someone isn’t going to pay the ransom, there is a simple solution. They can restore their backups. Most people who are struck seriously by ransomware don’t have up-to-date backups that they can redeploy. A ransomware attack can almost always be defeated through the use of timely backups and syncing.

However, there’s a caveat. Even if you can redeploy your backups, you know that there are security flaws. These security flaws absolutely need to be shored up, which can be another costly expense. And because the system has been breached, vendors, customers, and employees will need to be notified. Any time a data breach occurs, this is a necessity.

What Can Companies Do to Mitigate the Chances They Are Hit?

Today, digital attack has become somewhat of an eventuality. But companies can reduce their risk profile and reduce the damage.

Foremost, they need up-to-date security technology. Cloud-based systems tend to be less likely to be struck by ransomware because they keep so much redundant data. Syncing and backing up files regularly means that if the company is struck by ransomware, they can quickly recover.

Always-on and always-scanning security utilities can notify companies if they experience security breaches. The faster a company knows it has experienced a security breach, the less likely it is to experience significant damage. Finally, companies can also get the right insurance. Cyber insurance is becoming a must for all businesses.  The policy protects companies from the direct and indirect costs of a data breach, which can be considerable.

Ransomware isn’t just a nuisance. Many companies successfully hit by ransomware go out of business entirely. The costs are simply too significant. Companies need to be able to protect their data today, as well as prepare in advance for the chance that they could get struck — at any time.

If you have questions about cyber insurance or would like more insight on what cyber coverage would be best for your specific needs, get in touch.