The latest analysis of cyber claims by specialist Lloyd’s insurer Beazley has identified a growing problem with ransomware attacks.
According to Beazley’s Breach Insights, ransomware claims handled by the insurer more than quadrupled in 2016 to 200 incidents (nearly half of these attacks were in the healthcare sector). Beazley expects the number of ransomware claims to double again in 2017.
According to Beazley, organisations are particularly vulnerable to this type of attack during IT system freezes, at the end of financial quarters and during busy retail periods. Cyber criminals are also growing more sophisticated in their use of ransomware and will investigate a company’s systems to select the most critical files and processes in order to extort higher ransoms.
Paying a ransom demand might be the most cost-effective way of avoiding a large cyber loss, but there are legal and ethical considerations when doing so.
It is not usually illegal to pay a ransom, although it is illegal in countries like the UK to knowingly pay ransoms to terrorists. And while many companies do choose to pay ransoms to cyber criminals, there are concerns that this only perpetuates the problem.
However, in the event that an organisation is not willing or able to pay a ransom, it is critical to have considered and planned for the consequences. Companies will need to understand the nature and potential magnitude of the exposure associated with any resulting cyber attack, such as a DDoS attack or a data breach.
Cyber insurance can also play a role here. While insurance can cover ransom payments, it can also help mitigate the consequences of not paying, such as business interruption losses or third-party liabilities.
For further information, please contact Sarah Stephens, Head of Cyber, Content and New Technology Risks on firstname.lastname@example.org