A recent BlackBerry Cyber Insurance Coverage study shows that businesses are growing increasingly concerned about how they will meet ransomware demands.
Only 19% of those surveyed have ransomware coverage limits above $600,000, while 59% hoped the government would cover damages when future attacks are linked to other nation-states.
Shishir Singh, Executive Vice President, and CTO of Cybersecurity at BlackBerry, stated, “Not only are there more ransomware threats than ever, but the criminals are more ruthless. They will iterate threats and wait patiently in order to extract maximum damage.”
“For uninsured and underinsured organizations, this potentially puts them in extreme jeopardy. The cyber underground is increasingly sharing learnings and partnering to make threats as efficient as possible. It’s vital businesses strengthen their security posture against these threats by supplementing insurance with a prevention-first software approach that lowers their overall risk.”
The study suggests that small-to-medium-sized businesses (SMBs) have become the major target of ransomware attacks.
Of businesses with under 1,500 employees, only 14% have a coverage limit in excess of $600,000. A recent Forrester report estimated that a typical data breach would cost the average organization $2.4 million to investigate and recover.
50% of SMBs respondents hoped the government would increase financial aid in all ransomware incidents.
Many businesses have reported cybersecurity coverages are poorly tailored to their current situation. 37% of respondents aren’t currently covered for any ransomware payment demands, while 43% aren’t covered for auxiliary costs, such as court fees or employee downtime.
Concurrently, cyber insurance has become harder to get due to increased software requirements placed by insurance brokers. 34% of respondents have been denied coverage due to not meeting specific Endpoint Detection and Response (EDR) software requirements.
“Though it might sound counterintuitive, continuing to adhere to software requirements is one of the best ways to fight the ransomware industry,” said Vincent Weafer, CTO at Corvus.
“In our portfolio alone, we’ve seen a 50% reduction in the ratio of ransom demands that end up being paid. Better software adoption is a critical element in better positioning organizations to stand up to attackers.”