The trend was already on the rise before the pandemic, but as the business world massively shifted towards remote working, cybercriminals jumped at the chance to exploit the newly revealed vulnerabilities that arose in the hybrid work environment.
Remote workers have quickly become prime targets for hackers, and the amount of successful breaches due to ransomware has skyrocketed. Tout as the cost of data recovery.
A recent report from IBM shows that the average total cost of a data breach increased in 2021 from $4.24 million to $4.35 million, the highest level ever.
Insurance companies have started to cover these costs for the companies, including through the payment of ransoms. However, the situation is completely different in 2022. Like the cybersecurity threat landscape, the cyber insurance market has evolved rapidly over the past year.
Cyber insurers, recovering from two historic years, are refining their qualification processes and raising the bar for claims so companies can no longer rely on insurance alone as part of their protection and recovery strategies.
What is now needed is a sophisticated cyber security strategy that enables people, processes and technology to work together as much as possible towards a goal of “prevention”. Processes should also be defined in case the technology fails or is circumvented by cybercriminals, including proactive screening, early detection and immediate response and containment processes. Insurance remains relevant only as a last resort as good cyber resilience is more critical than ever for businesses.
And although France is currently working on a bill to allow compensation by insurance companies for ransoms paid by their customers, it is actually with the overall goal of raising the level of cyber security for companies, because it is obvious that cyber insurance will be conditional on company justifying previous investments.
The new “wild west” of Ransomware
The sensational and highly lucrative results achieved by global cyber gangs through the deployment of ransomware have not gone unnoticed. And they have led to a flood of new – often less experienced – players on the market who want to make their mark.
The problem is that not all cybercriminal gangs are created equal.
Earlier ransomware developers operated with a level of sophistication and technical capabilities that allowed them to not only steal and store a company’s data, but also return it intact once the ransom was paid.
They behaved like businesses, offering ransomware as a service (RaaS) and selling their code to the highest bidder on the Dark Web, with the side effect of lowering the barriers to entry for a new generation of cybercriminals.
In addition to not having the same level of skills and knowledge to run this kind of complex business, these new malicious actors also ignore the rules set by notorious gangs such as GandCrab. There is a real risk for victims from the 2022 generation (and beyond) to end up paying a ransom without their data being returned to them. If they agree to pay a ransom themselves once – which cybercriminals see as a weakness – companies risk themselves being hit again.
Data is invaluable, and losing it can cripple businesses. And even the most expensive insurance does not restore them.
Thus, the only viable option to prevent this situation is to prevent data breaches from occurring in the first place. This means implementing cyber security best practices.
The wave of increases that insurance companies practice raises all standards
In most cases, businesses that fell victim to ransomware paid the ransom. This situation has only encouraged malicious actors to multiply their attacks, with the indirect consequence of pressuring insurance companies to reconsider their policy offerings and even for some, especially in France, to terminate their cyber insurance policies.
Insurance companies are responding to the rising number of claims by raising the price of their policies or refusing to cover certain attack vectors to avoid going broke.
In France, for example, AXA stopped fully covering the payment of ransoms linked to ransoms, while Lloyd’s of London in the UK excluded state attacks from its policies.
Many insurance companies around the world have halved their coverage after the pandemic and working from home led to an increase in ransomware attacks, whose large compensation left them feeling bitter.
This increase in prices and thresholds for compensation from the insurance companies has a hidden positive consequence for business. It forces organizations to reassess their defenses and weaknesses and implement cybersecurity best practices against ransomware. And it also helps to increase cyber security awareness in organizations.
As insurers’ primary role is to assess risk, they require companies to provide evidence that they are prepared to handle a future attack, thereby encouraging them to raise their standards.
This combination of stricter insurance policies and price increases, combined with the arrival of new players from the “wild west” of ransomware, was the trigger for many companies to stop viewing their insurance as their only safety net.
To avoid collapsing from an attack, companies must stop relying solely on their insurance and focus on putting proactive measures in place to defend their data.
Better visibility in a world where telecommuting rules
XDR (extended detection and response) technology is one of the hottest cyber security concepts today. And for good reason, XDR improves visibility into security operations and strengthens the effectiveness of defense teams by giving them access to richer context, but also centralized access to a set of tools to stop attacks.
Cyber insurance is likely to become essential for organizations. But just because you have cyber insurance doesn’t mean you can’t do without a robust and proactive security posture.
Breach costs companies more than their insurance premiums: In addition to data loss and the recovery process, companies must also bear the costs of remediation, loss of reputation and statutory fines. Price increases are not a good thing in themselves, but increased cyber insurance premiums may well be the exception, prompting all companies to urgently review their cyber security protocols and ensure their teams are properly equipped to identify, report and deal with threats, so a shift from a reactive recovery posture to a proactive prevention and cyber resilience posture can take place.