Cyber-Insurance Triggers Higher Ransom Demands

Could having cyber insurance make your establishment a bigger target for hackers? It’s a reality many companies are starting to confront. Keep reading to learn more.

The New “Treasure Map” for Threat Actors

Hide and encrypt the details of your cyber liability policies at all costs. New research suggests that ransomware operators often make steeper demands once they discover their target has this type of insurance.

Tom Meurs, a member of the Dutch police, made this discovery while researching his Ph.D. dissertation. He analyzed 454 ransomware attacks between 2019 and 2021 and started noticing a pattern. The first thing threat actors do after successfully breaching their target environment is hunt for evidence of a cyber-insurance policy.

Expect the ransom demand to spike if they find it, often by 2.8x, or by as much as 5.5x if they also manage to steal important data.

The Cost of Cyber-Insurance Details Falling Into the Wrong Hands

Meurs determined that insured companies end up paying 44% of the time, at $800,000 on average, while non-insured companies pay only 24% of the time, at around $150,000.

The researcher also mentions that threat actors specifically target establishments from high-paying sectors. For example, the ICT sector tends to take a bigger hit because it often supplies its technology to others, which means multiple companies may become victims of the same attack by association.

Why You Should Never Engage With Ransomware Actors

These unfortunate findings align with what cybersecurity researchers have observed for years. Criminals try to coerce their victims by arguing that since they have cyber insurance and data breach coverage, they have nothing to lose.

But is that true? Law enforcement and ransomware protection specialists advise against paying ransoms for the following reasons:

You’re Not Guaranteed a Positive Outcome

Paying doesn’t promise results. Even if you send the money, attackers may not release your data, or they may send a decryption key that doesn’t work. Some files might stay locked or become damaged.

Acquiescing also encourages more attacks and fuels their operations.

It May Violate Your Insurance Policy

Check the fine print of your policy. It may have terms that expressly prohibit sharing information or directly contacting the attacker.

If the criminal is on a sanctions list, you could face legal consequences, too. Familiarize yourself with relevant government guidance on this issue, including:

  • November 8, 2021, FinCEN Advisory
  • September 21, 2021, Updated OFAC Ransomware Advisory

It’s Not the Most Effective Way To Restore Operations

Even if you pay the ransom, there’s no guarantee everything will return to normal. Decryption tools may work slowly or fail to fully recover your data. Focus on backups and a robust, well-rehearsed incident response plan to regain control efficiently.

It Could Impact Future Premiums

The insurer isn’t necessarily the only losing party. Payment of a “limits loss” impacts future premiums differently than a partial loss. Ask your provider for more details on premium calculation.

Taking the Proactive Route for Your Business

Why wait for threat actors to target you? Cyber insurance helps cover financial risks, but prevention is key. Invest in cybersecurity training for employees, risk assessment tools, and backup systems.

Used with permission from Article Aggregator