Cover blown? What's next for ransomware insurance?

The global ransomware surge continues. Since May, Colonial Pipeline in the U.S. is reported to have paid $4.4 million to attackers in order to get its infrastructure restarted, and weeks after the Irish healthcare system was attacked, it remaines “significantly disrupted”. Japanese multinational FujiFilm is among the latest high profile victims, having been forced to “shut down parts of its global network” due to a suspected attack.

Over and above these high profile incidents, 2021 has seen a “dramatic increase in ransomware activity”, according to Harvard Business Review, with some demands now as high as tens of millions of dollars. Attacks are trending towards these bigger numbers, increasingly targeting sensitive company information, with the worldwide cost of ransomware predicted to exceed $265 billion by 2031.

Many organisations have planned ahead to mitigate the potential financial impact of being held hostage by taking out specialist insurance policies. While this is an understandable precaution to take, there is a growing sense that the increase in ransomware insurance payouts may be fuelling a rise in attacks, and that cybercriminals are actually targeting organisations who are known to have insurance.

This is having a knock-on effect on the attitude of insurers to the problem. In France, for example, AXA, the country’s largest general insurer, recently announced that it will no longer reimburse ransomware payments for customers within the country. Just days after they made the announcement, its operations in Asia were subjected to a massive ransomware attack, described in some reports as “retaliatory”.

In its analysis of the unfolding situation, the Financial Times said that, “the severity and volume of incidents has led insurers to become much tougher with corporate customers” and the cost of cover is “surging”. Dark Reading went further by questioning whether ransomware incidents will become “uninsurable”. And recently, Ciaran Martin, the former head of the National Cyber Security Centre (NCSC), “called for a dialogue over whether or not it is time to ban insurers from covering ransomware payments.”

As perhaps the ultimate reactive response to a cybersecurity breach, ransomware insurance has become a go to strategy for those organisations that recognise the risk. It’s a pragmatic attitude, but also underlines the widespread vulnerability of IT infrastructure, and with documents and email attachments the most successful method used to deliver ransomware and other malicious attacks, criminals are focusing on vulnerabilities in everyday files such as PDFs, Word, Excel and PowerPoint.

A major part of the problem is that detection-based security methods have to play catch up with new threats. In contrast, Glasswall Content Disarm and Reconstruction (CDR) delivers a proactive defence that instantly cleans and rebuilds files to match its known good industry spec – automatically removing potential threats. This simple approach ensures every document entering the organisation is safe, without sacrificing productivity.

To read more about how we help defeat the risks posed by file-based cybersecurity threats, click here.

‍