KnowBe4 Security Awareness Training Blog

Why Are Insurance Companies Insisting To Pay Ransom For Ransomware Attacks?

Written by Stu Sjouwerman | Aug 29, 2019 6:12:15 PM

This week, ProPublica published a report describing how insurance companies now prefer to fork over hundreds of thousands of dollars / pounds / Euros in ransom to minimize the detriment to their insured parties.

The ProPublica report states that paying a ransom to hackers makes complete sense as it cuts the cost of downtime, the need to pay massive overtime to employees who need to recover data and also prevents heavy public relation costs dealing with the aftermath of a ransomware attack.

But Cybersecurity experts working for governments and corporates suggest the other way round while dealing with the cyber attacks. Payment of ransoms in malware attacks doesn’t guarantee you get your data back and actually encourages this type of crime.

William Haul, the President of a Financial firm operating in the UK suggests the same advice given by his insurance company. His firm which became a victim of a WannaCry Ransomware attack in 2017 spent thousands of pounds to rebuild the lost data and in the purchase of new hardware and software.

So, what’s your take on this policy Insurance Company policy?

Once your system is compromised with ransomware there may be residual malware left behind and the only way to totally reduce that risk is to build back from bare metal. Discuss here at KnowBe4's Hackbusters Forum:

https://discuss.hackbusters.com/t/pay-or-not-pay-the-ransom-whats-your-opinion/4416