Is Cyberinsurance a Reason for the Rise in Ransomware Attacks?

ransomware-screen-skullAre cybercriminals counting on the victim’s simple cost-to-benefit decision to have their cyber-insurer pay the ransom? And, if so, are they targeting companies with cyberinsurance?

We’ve discussed the rising uptick of ransomware attacks in frequency, sophistication, and effectiveness here on this blog. But an article popped up recently proposing the question of whether the presence of cyberinsurance is a factor in the rise in attacks. It’s a reasonable assumption – organizations that have an insurance policy protecting them against ransomware attacks would find it far easier to pull the trigger on paying the ransom. A ransom costing several hundred thousand dollars may only cost a small fraction of that in a deductible payment by the victim organization.

While not every cyberinsurance policy pays out – as in the $100 million on-going fight between Mondelez, the owner of brands such as Oreos and Nabisco, and Zurich Insurance group which doesn’t appear to have been settled – organizations with proper riders for ransomware certainly have a much easier decision of whether to pay.

So, then the question becomes, are cybercriminals targeting companies with cyberinsurance? It may seem far-fetched, but, think about it: hackers could target insurers, gain access to an application with customer policy data, export it and… instant target list.

At the same time, cybercriminals can simply look at the headlines for verticals of business that pay the ransom and make some assumptions. Take the rash of recent attacks on state and local government – seems like targeting to me. It could be an assumption of low degrees of security in place, or does it have to do with cyberinsurance?

The right answer is don’t wait to find out.

Even an organization with the least amount of security in place can still put up a good fight with continual Security Awareness Training, which educates users about how they are a necessary part of an attack by clicking on malicious content. Ransomware attacks can increase all they want. But if users are taught how to spot malicious content in email and on the web and never engage with it, your organization is safer from the threat of ransomware.

Request Your Security Awareness Training Quote

products-KB4SAT6-2Old-school awareness training does not hack it anymore. Your email filters have a ~10% failure rate; you need a strong human firewall as your last line of defense. KnowBe4 is your platform for new-school security awareness training. We help you keep your users on their toes with security top of mind. You simply have got to start training and phishing your users ASAP. If you don't, the bad guys will. Find out how affordable this is for your organization and be pleasantly surprised.

Get A Quote Now

Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Weak Password Test Contest

Get the latest about social engineering

Subscribe to CyberheistNews