Ransomware is increasingly common, is evolving, and, to complicate matters, no longer only affects computers. This form of malware, which thrives on encrypting data for a ransom paid in cryptocurrency, also affects smartphones, TVs and any other connected device.
As the price of ransoms soars (in some cases, it has already reached into the millions), it’s beginning to feel like insurance policies specifically designed for ransomware should be commonplace in a business’s security infrastructure.
The rising trend of such policies was pointed out at the last RSA Conference held in San Francisco. The situation was compared with that of actual kidnappings. If potential victims can have policies to pay ransoms for the safe return of a kidnapped person, with ransomware the solution could conceivably be the same. Not only would it protect victims from losing access to valuable data, but it would also give the insurance sector the chance to further diversify its offerings by expanding deeper into the cyber realm.
While there are currently some insurance policies covering the costs of certain cyberattacks, there’s still a long way to go. Generally, cyber-insurance covers damages caused to third parties (something really useful in the event of a cyberattack that affects a business’s clients) and, in some cases, also covers direct losses, among which would be part of the amount paid as a ransom.
For the moment, most cyber-insurance companies do not cover the entirety of ransoms paid out. Thus, policies of up to 10 million euros would only cover 500,000 euros in cases of cyber-extortion such as those occurring with ransomware. However, it is a rapidly developing sector and, in fact, most cyber-insurance policies are virtually bespoke, taking into account the main risks facing a company.
In any case, it is always advisable for a company to have an advanced cybersecurity solution that is best suited to its needs. It would now also seem advisable to look into coverage in the budding sector of cyber-insurance.