Companies with cyber insurance are more likely to suffer from ransomware attacks

Rise in ransomware attacks and the role of cyber insurance

A report by 1,350 IT decision-makers has found that companies with insurance are more at risk

Ransomware attacks have been on the rise in recent years, and new data suggests that businesses with cyber insurance are more likely to be targeted. According to a survey conducted by Barracuda Networks and Vanson Bourne,^[1] companies that have cyber insurance are more likely to be victims of ransomware attacks, to experience multiple attacks, and to pay ransoms.

The survey, which included IT executives, provides useful information about the relationship between cyber insurance and ransomware attacks. In 2019, fewer than 20% of businesses reported repeat ransomware attacks. However, during the pandemic, the percentage rose to around 30%, and in 2022, 38% of surveyed organizations reported two or more successful ransomware attacks.

Surprisingly, 77% of organizations with cyber insurance were hit at least once, compared to 65% of organizations without insurance, according to the survey. Furthermore, 39% of businesses with cyber insurance paid the ransom. Worryingly, insured businesses were 70% more likely to experience multiple attacks and were less likely to rely on backup systems for recovery.

While the report makes no direct link between having cyber insurance and being targeted by ransomware, Barracuda Networks CTO Fleming Shi suggests that attackers may identify companies with insurance through social engineering tactics or by targeting organizations likely to have critical data. Shi hypothesizes that attackers believe insured companies are more likely to pay ransoms, which boosts their confidence in receiving payment.

Positive aspects of cyber insurance

In recent years, the landscape of ransomware attacks has evolved, influencing the strategies used by both attackers and insurance companies. According to a Coveware report,^[2] the percentage of ransomware victims who pay ransoms has significantly decreased. The figure fell from 85% at the start of 2019 to 45% in the first quarter of 2023.

This decrease may be attributed in part to the realization that paying ransoms does not guarantee data recovery. According to Sophos' 2022 ransomware report,^[3] organizations only recovered an average of 61% of their data after paying the ransom, with only 4% successfully recovering all of their data.

Insurance companies have taken the initiative to promote better security practices among their customers. According to Jason Rebholz, CISO at Corvus Insurance, insurance providers now require specific cybersecurity controls. Corvus Insurance, for example, saw a 35% decrease in ransom payments after mandating the use of secure and resilient backups. Insurance companies have a vested interest in the cybersecurity of their clients and can provide valuable insights because they closely monitor industry developments and learn from cyber insurance claims.

How to improve security measures

To mitigate ransomware risks, experts suggest businesses prioritize robust endpoint security, multi-factor authentication, and reliable backups. Implementing multi-factor authentication plays a crucial role in minimizing both ransomware and money transfer fraud. Additionally, endpoint protection serves as an essential defense mechanism against ransomware attacks.

For maintaining secure remote access, it is crucial for companies to disable the remote desktop protocol and instead opt for VPNs that incorporate multi-factor authentication. To ensure comprehensive security measures, businesses should collaborate closely with their insurance providers, identifying and implementing tailored security controls that align with their specific needs and requirements.