Is Your Business More Likely to Burn Down, or Get Hit with a Cyber Attack?
What is most likely to happen to your business in the next two years? Will it burn down, or will you experience a cyber breach like ransomware or business email compromise? All indication for the past two years is that you are vastly more likely to have a catastrophic loss from a ransomware attack than a fire.
The peculiar thing is that nearly every business has insurance for things like a fire or someone tripping on a step. But significant losses for some businesses in 2020 and 2021 were due to various cyber breaches like ransomware, data exfiltration, business email compromise (BEC) and other nefarious tricks. The average ransom demand in 2021 is between $1M and $2.5M, and in the past year, Alvaka has seen two $20,000,000 ransom demands. And remediation costs—done properly—are likely to run between $400,000 and $600,000. That does not include lost revenue, brand damage, lawsuits, fines, etc.
The point we want to drive home is that if you don’t already have cyber breach/ransomware insurance, you need to get it now. Yes, now! Breaches are getting more common, nastier, and more expensive. The insurance not only allows you to transfer the cost of a breach, but the insurance companies bring an outstanding process to the recovery effort that they pay for. This process includes:
- Getting you an attorney, also known as breach counsel
- Getting you a good cyber forensics firm (like Kroll) who will figure out when the break in occurred and what was taken.
- Getting you a ransomware recovery firm that helps put everything back together after it has been trashed by the bad guys
- Providing a containment list to help guide you in resecuring your network
- If needed, you will get a ransomware negotiation firm like Coveware, and in some cases, you will also get a public relations firm to manage any brand damage
You are probably wondering how much cyber breach insurance you need? A good round number is $2,000,000 for most firms, but you can go to this ransomware cost calculator to better assess what an event will cost in terms of professional services, lost revenue and ballpark ransoms to be paid. Here is a link to the Top 5 Reasons to Buy Cyber Breach Insurance.
Cyber breach insurance has a lot of options, limits, deductibles, exclusions, etc., so make sure you talk to an experienced cyber insurance provider. This article, How Much Cyber Breach Insurance Do I Need?, provides valuable information on purchasing cyber breach insurance, including insight and advice from an expert insurance broker, David McNeil of EPIC Insurance.
So, what do you do after you buy cyber breach insurance? The strong trend from insurance companies is to require you to attest to taking specific actions aimed at reducing your likelihood of being a cyber breach victim. The insurance company is likely to insist that you do regular software patching, have multifactor authentication, maintain good backups, do periodic vulnerability assessments, etc. For insights into what those forms look like and how we can help you understand what you are filling out, check out What to Expect from Your Cyber Breach Insurance Policy.
We are available 24×7 to assist you with any of your ransomware needs…contact us at (949) 428-5000 or info@alvaka.net.
Smoke testing is a term used to describe the testing process for servers after patches are applied. 
Estimating an average time for patching servers and PCs can be a bit tricky. It can vary from one month to the next, depending upon the number and complexity of the patches released by your software vendors. You must consider all versions of operating systems and have a complete inventory of all your application software to do this job correctly. Our experience has shown that manual patching of systems takes on average of about 1.5 hours each.
This is a basic cost calculator for you to compute your typical monthly cost for patching your servers, PCs, laptops, tablets and associated application software. It also forms the basis for you to begin calculating your Return on Investment for software patching, or for comparison with alternatives to the manual process of patching operating systems and application software—such as Patch Management as a Service, also known as Vulnerability Management as a Service.