Each year the total ransomware cases and money demanded, either through bitcoin or other monetary means, increases. Attacks can cost businesses and governments millions of dollars in recovery fees, and the enormous payout is why the ransomware industry is so enticing to cybercriminals. There are many other factors to why a soar in ransomware incidents are occurring, but could cyber insurance be unintentionally contributing to its expansion?
On a side note, it is always important to stay relevant to the information that can help you stay vigilant to cyber threats. Click below to read some tips on how to better protect your business from ransomware.
In a statement by the FBI regarding ransomware, they express their, “discourag[ment] [towards] payments of cyber ransoms arguing that it could encourage this criminal business model.” The unfortunate reality is that, most of the time, businesses decide to pay a ransom because it is a more financially wise decision. Paying only gives cybercriminals an incentive to strike again and inadvertently expands the ransomware criminal industry.
Additionally, insurance firms “won’t make an ethical or a moral decision but the best business decision,“ and shockingly, “a survey of 600 U.S. business leaders conducted by IBM in 2018 […] found that 70% of the business leaders had paid a ransom after a cyber-attack.” The purchase of cyber-liability insurance is not slowing down, and KPMG predicted, “the global cyber insurance market has been experiencing yearly growth of between 20% to 25%. Worth $2.5 billion in premiums in 2015, this is expected to balloon to $7.5 billion by 2020. By 2025 this is projected to rise to $20 billion.” The ransomware criminal industry may also see growth in the upcoming years as more cybercriminals rush to take advantage of the payouts from insurance firms. As more ransomware cases occur, demand for cyber insurance increases. However, as more insurances pay ransoms, more cybercriminals flood into the criminal industry to strike rich. Gold rush ransomware edition?
Having your business equipped with sufficient protective measures is the best method to halt the development of more cybercriminals. Being proactive is always more advantageous than being reactive. Advocating for the reduced purchases of cyber insurance is not the proper solution. Cyber insurance is valuable, and where business owners make mistakes is where they place their priority. Rather than seeking the most desirable cyber insurance, business owners should place greater emphasis on strengthening network security and attaining adequate IT knowledge. A safer network reduces the probability of a breach, and not having a network compromise means your insurance will not have to pay a ransom. As a result, the cyber insurance you have purchased would not be producing an unintentional growth effect on the ransomware criminal business model.