Necessary cybersecurity habits such as software patching and vulnerability assessments/penetration tests should not be disregarded due to having cyber insurance. On a related note, Alvaka has recently acquired two clients who needed recovery from ransomware attacks, one client had roughly 6,000 users and the second had 500. Unfortunately, both clients were breached on Christmas Eve. Read our previous article, Ransomware v2.0 Recovery, for more information.
In a recent report by Chubb insurance, it was discovered that ransomware attacks have increased from 2017 to 2018 by 84%. Also, stated in a different report, the global cyber insurance market had a yearly growth rate of 20% to 25%, placing cyber insurance at $2.5 billion in premiums in 2015. KPMG, states that the value will increase to $7.5 billion by 2020 and $20 billion by 2025.
These large payouts are a direct result of inattentive care of network security. However, I am not implying that the entirety of breaches can be avoided; even with exceptional care and significant investments. A security breach can still happen due to a simple inadvertence, or if the attackers are intelligent enough and have the skill, determination, and a bit of luck, breaches can still occur. Nevertheless, consumers of cyber insurance are purchasing what they believe is a “get-out-of-jail-free” card in compensation for their inadequate comprehension of even the most basic, yet necessary, cybersecurity routines.
I support the use of cyber insurance. Our service packages a dark web monitoring tool along with limited cyber-breach insurance as a newly added component of our Patchworx patch management.
As a critical note, a summary of what’s included in a cyber-breach policy should be discussed. Here are some points:
- To qualify for cyber insurance some conditions must be met. In any instance, if an insurance company can demonstrate there was a failure to meet those conditions then coverage can be denied.
- In some specific situations, cyber breach policies do not payout, but in most cases, they limit the amount. Also, most policies do not even compensate for the money spent on recovery, rather it’s for cyber forensics, etc.
In the article, “The Biggest Beneficiaries of the Bitcoin Ransomware Boom Are Not Hackers,” the authors states…
“Given a choice between reviving a breached computer network at a massive cost and paying a ransom, which is usually a couple of bitcoin, it is easy to see what choice insurance companies will make in the case of a cyber-attack.”
Currently, Bitcoin’s price is listed out at $8,941.85. If you would like to see its real-time price, click HERE. A theft of just 4 Bitcoins is worth roughly $34,000. Yes, $34,000. With the case of the Bitcoin ransom in Lake City, Florida, the amount lost was about 56 Bitcoin. Here at Alvaka, we have worked with clients where the amount paid for a ransom was upwards of a million dollars. However, paying the ransom amount doesn’t always guarantee that an encryption recovery will work. Sometimes the ransomware code could contain a bug in it and leave the victim with nothing even after shelling out money to pay the ransom.
In terms of compensation, it is usually better for insurance companies if the victim pays the ransom. The issue with surrendering to these cyber-criminals is that it still leaves the victim highly vulnerable to a second attack since the malware could likely still reside on the network. A good example of this is the unfortunate double-ransomware attack that crippled a Kansas hospital. To ensure a company doesn’t experience a similar situation it’s crucial all systems are wiped, rebuilt, reloaded with data, and put back into place with all configurations. Ultimately, this is an enormous financial burden that most likely is not covered by insurance. To read more about repeated attacks, click here. We’ve seen way too many instances in which a company gets hit twice due to not drastically altering their cyber-protection protocols after the first time.
Smoke testing is a term used to describe the testing process for servers after patches are applied. 
Estimating an average time for patching servers and PCs can be a bit tricky. It can vary from one month to the next, depending upon the number and complexity of the patches released by your software vendors. You must consider all versions of operating systems and have a complete inventory of all your application software to do this job correctly. Our experience has shown that manual patching of systems takes on average of about 1.5 hours each.
This is a basic cost calculator for you to compute your typical monthly cost for patching your servers, PCs, laptops, tablets and associated application software. It also forms the basis for you to begin calculating your Return on Investment for software patching, or for comparison with alternatives to the manual process of patching operating systems and application software—such as Patch Management as a Service, also known as Vulnerability Management as a Service.