Why cyber insurance is keeping the ransomware industry in business.
As all good managed IT companies and managed security providers do, we are in constant training. Through daily check-ins, weekly trainings and monthly seminars, we are kept apprised of the latest trends and threats and how to mitigate them. For us, it has worked incredibly well for many years. But a new threat has arisen that we didn’t expect: ransomware insurance from the insurance industry.
How the Insurance Industry is Encouraging Bad Cybersecurity
With the best of intentions, insurance providers have given a literal blank check to ransomware hackers and their supporters. It needs to stop, and it needs to stop now.
Here’s the rationale some businesses pursue: if a business has the proper infrastructure, backups, security and so forth when a ransomware attack occurs, restoring from backup and getting back up will happen so fast that they will be able to absorb any downtime encountered. The ransom will not be paid.
If a business is given the opportunity to pay a $1000 a month premium to the insurance provider instead of paying $100,000 to have the proper infrastructure, the business will take advantage of the insurance company paying out during a ransomware attack. The company no longer has to spend any money to secure its infrastructure because there is an industry pillow stopping it from getting hurt.
This is effectively a scam to insurance companies and promotes bad cybersecurity. It is wrong.
How Insurance Companies are Setting a Dangerous Precedent
Normally, a company needs to have secured networks, proper security, proper backups, proper management, and proper technology to defend themselves against attacks. They should have systems in place to mitigate any and all attacks and be able to recover quickly in the event that penetration occurs.
So, the burden has now been transferred to the insurance industry. Since most insurance businesses are not in the technological field, when a claim is presented they will most likely pay out.
So, let’s take this as an example:
You have a building that keeps getting hit by lightning, rain penetrating the roof, or some other event. The insurance company will probably pay the first time, but they will require the roof to be repaired and lightning mitigation technologies to be put into place. This is correct to a point in the ransomware industry. The first hack should never occur when your networks and technology are properly secured.
Ransomware authors know this, and that is exactly why they are banking on it for a quick payout. Insurance businesses need to stop offering ransomware insurance protection and payout liability policies. They need to start changing and requiring infrastructure to be modified in order to prevent a claim.
To our insurance clients, please take this to heart because, as studies have shown, ransomware writers are hoping you do exactly what you’re doing right now, and you’re helping to fuel this industry to its maximum.
To businesses banking on insurance to solve all your cybersecurity woes, it’s important to remember that ransomware attackers don’t need to unlock your systems if you pay out, and there are other threats such as corporate espionage and data breaches. Contact us today to learn how we don’t just protect against ransomware but provide a full suite of cybersecurity and IT support.