Ransomware attacks nearly doubled over the last year, with an estimated 50% of businesses experiencing at least one ransomware attack. Insurance companies have stepped in to address this problem by offering ransomware insurance. In fact, ransomware related claims were the most common type of cyber insurance claim last year.
With the size and scope of this problem, it’s understandable that more and more companies are seeking ransomware coverage. A solid cyber insurance policy can be a matter of life or death for many companies. Expenses related to a ransomware attack can easily run into the millions, and having to cover these out of pocket can cripple many companies.
As a result, cyber insurance policies have multiplied, making it more challenging to decide which insurer to go with. The best ransomware insurance depends on the needs of each organization, but there are few things everyone should keep in mind when shopping around.
What Makes Good Ransomware Insurance
The best ransomware insurance coverage will ideally cover the following expenses:
- Professional Ransomware Response
- Cyber Extortion Coverage
- Legal Costs Associated with Data Breaches
- Reputational Damage
Professional Ransomware Response
One of the first things to verify when looking for insurance is whether it covers professional ransomware response. The biggest cost associated with ransomware for most organizations is not the ransom (in the event that they are forced to pay) but downtime caused by file encryption. Having a professional service handle things like removing malware, restoring data, patching vulnerabilities, and negotiating with and paying attackers can greatly speed the recovery process.
Cyber Extortion Coverage
Cyber extortion takes many forms. The most common form of ransomware extortion is encrypting important files, or sometimes entire networks, and demanding money for the decryption key. In recent years, however, data exfiltration is on the rise. Hackers may seize sensitive data, including the private data of clients or proprietary information. They will then threaten to release the data to the public if the price is not paid. It’s always better to avoid paying this if possible, but in some cases the damage is such that there is no choice.
This is another area where consulting with ransomware experts is important. Some ransomware gangs will threaten to release sensitive data unless paid. Even if paid, some will demand a second or third payment. Other gangs are a bit smarter and will try to build a reputation, believe it or not. Ransomware experts keep notes on different gangs, and can sometimes help to assess if a gang will be true to their word.
Legal Costs Due to Data Breaches
A major data breach can come with a lot of expenses. These expenses vary by country; the United States, for example, tends to have the highest average costs per data breach. This is partly because Americans file more lawsuits than in any other country, but penalties for bad handling of data breaches are common around the world. We look at this topic at length in our compliance guide, and it’s certainly something to keep in mind when shopping for cyber insurance coverage.
Depending on the type of data a company stores, a hack can be a major blow to reputation. This can result in clients taking their business elsewhere and an overall decline in revenues. Rebuilding trust may require a public relations campaign, which can also be expensive.
Finding the Right Policy for Your Needs
The best ransomware insurance on the market will probably cover all of these bases. This coverage is not cheap, however, and as ransomware attacks increase in frequency and severity, premiums are going up. On the bright side, though, not every company needs total coverage. For example, companies that don’t store a lot of client data probably won’t need as much coverage for legal and reputational expenses.
Most policies are tailored for individual clients, and insurance companies can help with determining your organization’s needs. However, it’s best if you have a fairly clear idea of your needs before talking with sales representatives. The better informed you are before hand, the more likely you will be to avoid purchasing unnecessary coverage.