Ransomware insurance is not a cybersecurity strategy

According to the 2022 CESIN cybersecurity barometer, 54% of French companies were the subject of a cyberattack in 2021 and one in five companies was targeted by a ransomware cyberattack!

The trend was already on the rise before the pandemic, but when the business world massively shifted towards remote working, cybercriminals jumped at the chance to exploit the newly exposed vulnerabilities that arose in the hybrid work environment.

Remote workers have quickly become the primary targets of hackers, and the volume of successful ransomware breaches has skyrocketed. So has the cost of data recovery.

A recent report from IBM shows that the average total cost of a data breach increased in 2021 from $4.24 million to $4.35 million, the highest level on record.

Insurance companies have started to cover these costs for companies, including through the payment of ransoms. However, the situation is much different in 2022. Like the cybersecurity threat landscape, the cyberinsurance market has evolved rapidly over the past year.

Cyberinsurers, recovering from two historic years, are refining their qualification processes and raising the bar for claims, so businesses can no longer rely on insurance alone as part of their protection and recovery strategies.

There is now a need for a sophisticated cybersecurity strategy that allows people, processes and technology to work together as much as possible towards a goal of “prevention”.

Processes should also be defined in the event the technology fails or is circumvented by cybercriminals, including processes for proactive monitoring, rapid detection, and immediate response and containment. Insurance remains relevant only as an emergency “cure” as good cyber resilience is more critical than ever for businesses.

Even as France works on a bill authorizing insurance companies to compensate ransoms paid by their customers, the overall objective is to raise the level of cybersecurity of companies: it is obvious that cyberinsurance will be conditional on the company justifying prior investments.

The new “Wild West” of ransomware

The sensational and highly lucrative results achieved by global cyber gangs through the deployment of ransomware have not gone unnoticed. And they have led to a flood of new – often less experienced – players on the market, looking to make their mark.

The problem is that not all cybercriminal gangs are created equal.

Previous ransomware developers operated with a level of sophistication and technical capabilities that allowed them to not only steal and store a company’s data, but also return it intact once the ransom was paid.

They behaved like businesses, offering ransomware as a service (RaaS) and selling their codes to the highest bidder on the Dark Web, with the side effect of lowering the barriers to entry for a new generation of cybergangs.

In addition to not having the same level of skills and knowledge to run this kind of complex business, these new malicious actors also disregard the rules laid down by notorious gangs, such as GandCrab.

There is a real risk for victims of the 2022 generation (and beyond) to end up paying a ransom without their data being returned to them. If they agree to pay a ransom even once – which cybercriminals see as a weakness – companies put themselves at risk of being targeted again.

Data is invaluable, and losing it can cripple businesses. And even the most expensive insurance does not recover it.

Thus, the only viable option to prevent this situation is to prevent data breaches from occurring in the first place. This means implementing cybersecurity best practices.

The wave of increases practiced by insurers raises all standards

In most cases, companies that fell victim to ransomware paid the ransom. This situation has only encouraged malicious actors to multiply their attacks, with the indirect consequence of pushing insurers to reassess their policy offers and even for some, notably in France, to end their cyberinsurance policies.

Insurance companies are responding to the growing number of claims by raising the price of their policies or refusing to cover certain attack vectors to avoid going broke.

For example, in France, AXA completely stopped covering the payment of ransoms linked to ransomware while in the United Kingdom Lloyd’s of London excluded state attacks from its policies.

Many insurers around the world have halved the amount of their coverage after the pandemic and working from home led to a spike in ransomware attacks, and the heavy compensation that followed has left them feeling bitter.

This increase in prices and thresholds for compensation by insurers has a hidden positive consequence for the business world. It forces companies to re-evaluate their defenses and weaknesses and implement cybersecurity best practices. And it also helps to heighten cybersecurity awareness within organizations.

Since the primary role of insurers is to assess risk, they require companies to provide evidence that they are prepared to deal with a future attack, thereby incentivizing them to raise their standards.

This combination of stricter insurance policies and price increases, coupled with the arrival of new players from the “Wild West” of ransomware, was the trigger many companies needed to stop seeing their insurance as their sole safety net.

In order to avoid collapsing from an attack, companies must stop relying exclusively on their insurance and focus on putting in place proactive measures to defend their data.

Better visibility in a world where teleworking prevails

XDR (extended detection and response) technology is one of the hottest cybersecurity concepts today, and for good reason: XDR improves visibility into security operations and makes defense teams more effective by giving them richer context as well as centralized access to a set of tools to stop attacks.

Cyber insurance is likely to become essential for organizations. But just because you have cyber insurance doesn’t mean you can do without a robust and proactive security posture.

Breaches cost companies more than their insurance premiums: in addition to data loss and the recovery process, companies must also bear the costs of remediation, loss of reputation and regulatory fines.

Price hikes are not a good thing on their own, but increased cyber insurance premiums may well be the exception. They prompt all companies to urgently review their cybersecurity protocols and ensure that their teams are properly equipped to identify, report and deal with threats, so that a shift from a reactive recovery attitude to a proactive prevention and cyber-resilience attitude can take place.