2020 has seen a surge of ransomware attacks that lead to devastating damages: business interruption and loss of revenue, reputational damage and even data breach as cybercriminals threaten to release publicly the data that they hold “hostage”. We want to educate insurance agents and their clients about ransomware attacks, how they start, and how to best protect businesses against it.

What is ransomware? Terms and statistics

In a ransomware attack, a company’s data or systems are being hijacked, and access to the hijacked assets is being restricted. Like this, cybercriminals try to extort money from their victims – the ransom – to give back access to data and systems. A new trend for criminals is to go a step further and threaten to leak hijacked, sensitive information to the public, which can have detrimental long-term effects for the victim company. A recent study conducted by Coveware found that these types of threats were used in 70% of ransomware attacks at the end of 2020.
What’s more, ransomware is an increasing threat for small and mid-size businesses: in 2020, 60% of ransomware victims were businesses with less than $50 million in revenue. Even though smaller companies are oftentimes under the impression that cybercriminals have no interest in them, this is proof that this assumption is not only false but dangerous. After all, smaller businesses usually don’t have the resources to survive a longer-lasting ransom, compared to a more established one. 

The business interruptions that result from a ransomware attack are following a worrisome trend. The number of days that businesses have to halt due to the attack has gone up 20% to 19 days. In the last quarter of 2020, the average business interruption even lasted 21 days.
Lastly, the monetary consequences of a ransomware attack need to be mentioned. Attackers know how valuable sensitive data is to a business, and if they are not insured against it, a ransom event can mean the downfall for a business. After all, the actual ransom payment is not the only thing that victim companies need to worry about: reputational harm, a potential data breach (which cost $713,000 on average in 2020!), system rebuilding, and more, are usually following this type of cyber incident. And while the average cost of a ransom payment has decreased, the cost of recovery has more than doubled

What businesses can do

What can a business do to protect itself against ransomware incidents? Luckily, there are steps one can take in order to decrease the chance of falling victim to a cyber incident involving ransom, as well as measures to get as much support as possible to recover from the incident.

In the last quarter of 2020, the average business interruption lasted 21 days.

Deploy cybersecurity awareness training for all employees:
A common way of cyber criminals gaining access to company data is through employees. In the last year,
phishing emails have been a popular way of implementing ransomware into a computer system. What’s more, only 5% of tested employees were able to consistently spot phishing emails in an experiment. That needs to change.
Businesses need to make an effort to train employees about the security and privacy of data and company assets. Anybody can be easily duped when a fake email seemingly comes from the boss or the owner of the company. By increasing employees’ knowledge around tactics used by cybercriminals and showing them behaviors that go against basic security hygiene such as password sharing, you actively decrease the risk of the business falling victim to a cyber incident. All cyber insurance policies issued by Cowbell Cyber include cybersecurity awareness training for all employees of the policyholder. 

Perform weekly data and system backups:
Ransomware is about taking a business hostage by blocking access to systems and data. By backing up data and systems regularly, you can gain the upper hand in an attack. Ideally, data and system backups are conducted weekly to a secure location from which data and systems can be easily retrieved and rebuilt. There are many more reasons than ransomware attacks to have a readily available backup. Backups can drastically decrease, if not eliminate, business interruption, which is oftentimes the worst aspect of a ransom attack. The infected computer, on the other hand, can be taken out of the network and be completely rebuilt with the data saved on the independent drive. 

Subscribe to a standalone cyber policy with explicit coverage of ransomware and business interruption:
Even with all the best security measures taken, a successful ransomware attack can occur. Businesses need to consider financial protection for when an incident happens. A robust cyber policy will provide immediate access to incident response experts such as a breach coach, forensic services, ransom negotiators, and more.

All cyber insurance policies issued by Cowbell Cyber include cybersecurity awareness training for all employees of the policyholder.

Cowbell Cyber’s insurance programs offer such protection for businesses with up to $250m in revenue. Policyholders can build their own cyber insurance policy by opting for coverages that best match their needs and choose between different limits and deductibles based on their risk appetite. Most importantly, through their coverage, they gain access to financial support after an incident, as well as a breach coach, forensics, experts in ransom negotiation, and the previously mentioned cyber awareness training conducted by training experts at Wizer

If you are interested in our standalone policies and individualized coverages, contact us at [email protected].