While enterprises are encouraged not to base their entire security strategy on the purchase of cyber insurance, most IT security teams consider it a wise investment. Though cyber insurance adds an expense, it’s a far more manageable expense than the cost of a major breach. Why, then, are so many in the information security industry questioning whether cyber insurance plays a role in driving up ransomware attacks? Some believe it to be a chicken-and-egg scenario, in which cyber insurance and ransomware attacks are simultaneously on the rise, without any indication of causation on either side.
Who’s Involved in the Debate
Facing off are the cyber insurance companies on one side and, on the other, the information security professionals trying to keep up with a surge in ransomware attacks. While there’s little actual proof of a connection, the information security (infosec) community is becoming more vocal about a link.
The argument from infosec specialists is that cyber insurance policies give enterprises a way to pay the ransom and retrieve their data with little inconvenience or cost. This, in turn, encourages more ransomware attacks. The attacks fuel the cyber insurance market, which then facilitates the paying of ransoms.
It doesn’t seem to matter whether the enterprise hands over the ransom itself or the insurance company pays it; the end result is that the ransom is paid, which only encourages further malicious behavior.
Cyber insurance companies aren’t ready to accommodate this line of thinking. They maintain that, far from causing more ransomware attacks, cyber insurance gives enterprises a tool with which to fight.
Security solution providers say they have seen an increase in enterprises that choose to go ahead and pay the ransom, despite advice from infosec experts and law enforcement not to pay up.
Recently, cities and municipalities have been in the crosshairs of ransomware attacks. If a city is attacked and must choose between paying $1 million in ransom or suffering downtime and restoration efforts that can cost around $100 million and last several weeks, the motivation to pay becomes clear.
Shadow Payments
There’s also suspicion that some security companies offering to quickly restore data are actually paying the ransom behind the scenes. The enterprise may believe its data is being restored through some sort of backup system, when in reality the company is simply paying off the attacker quietly.
Driving Up Ransomware Demands
What all parties in the debate agree on is that ransomware demands are becoming greedier. What used to be a $5,000 to $10,000 demand is now reaching into six- and seven-figure ransoms. Attackers know the cost of downtime and restoration, so they are betting that enterprises will be willing to pay, insurance or not.
For guidance in choosing security tools and cyber insurance to fit your enterprise needs, contact us at Clarksys. We can help you leverage the right solutions to protect your data and systems, as well as the future of your organization.