Cyber crimes continue to experience worldwide growth year after year. Ransomware attacks specifically have significant potential to disrupt business operations and cause huge financial damages. In the fourth quarter of 2022 alone, nearly 155 million ransomware attacks were detected worldwide. And while several government agencies are working diligently to combat these threats, it’s becoming increasingly important for private businesses and individuals to protect themselves as well.

Amid this quickly growing threat, it’s important for business owners to be prepared in advance of an attack and secure adequate cyber insurance coverage to safeguard their financial health.

The cyber insurance market has seen a huge increase in demand in recent years as organizations seek to mitigate the risk of cyber attacks that threaten private businesses, public safety, economic health, and national security. Unsurprisingly, the global cyber insurance market is projected to grow at a CAGR of nearly 25% between 2019 and 2026, according to Allied Market Research.

When facing any number of cyber-related security threats, cyber insurance paired with several risk mitigation strategies is a powerful tool that provides essential coverage to offset related costs and losses.

What is Ransomware?

Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. If a business or individual refuses to pay the ransom, they risk losing the data permanently.

According to Verizon’s 2023 Data Breach Investigations Report, ransomware is now present in more than 15% of all incidents and 24% of all breaches. This report also reveals that 74% of all breaches include the human element, with people being involved either via error, privilege misuse, use of stolen credentials, or social engineering.

While these statistics demonstrate the huge threat that ransomware poses to a business, they also reveal two significant areas where businesses can protect themselves: employee training and data protection.

Ransomware Protection with Risk Management Strategies

For businesses, it is nearly impossible to avoid ransomware and other cyber threats. That’s why risk management plays a critical protection role. Businesses can take a number of preventative measures to minimize ransomware risks:

  • Back up data, system images, and configurations. Keep backups offline and regularly test the backups.
  • Utilize multi-factor authentication.
  • Update and patch systems in a timely manner.
  • Ensure your security solutions are up to date.
  • Review and exercise your incident response plan.

With these strategies in place, you can minimize the likelihood and potential impact of a ransomware attack. Similarly, having these strategies in place will also facilitate your ability to secure cyber insurance coverage.

What is Cyber Insurance?

Cyber insurance helps to protect businesses against the effects of cybercrimes by offering financial coverage for the legal fees, data recovery, incident response, loss of income, and other expenses associated with a breach. Cyber insurance can help to protect a business’s financial wellbeing in the event of a cyber breach.

Cyber insurance is typically divided into two types of coverage: first-party coverage and third-party coverage.

First-Party Coverage

First-party coverage offers coverage for legal fees, recovery and replacement of data, customer notification, income loss, crisis management, ransom payments, fees or fines related to the cyber incident, and more.

Third-Party Coverage

Third-party coverage protects against third-party claims brought against a business, and typically offers coverage for payments to consumers, lawsuit or dispute expenses, regulatory response and litigation, other settlements, damages, or judgments, and more.

How Does Cyber Insurance Protect Against Ransomware?

Cyber insurance generally includes specific coverage for ransomware by offering a payment provision in the event a ransom payment needs to be made. It’s important that you understand the two primary types of payment provisions when selecting coverage.

Types of Ransomware Payment Provisions

One of the most important aspects of a cyber insurance policy is the ransomware payment provision. Given that roughly 46% of organizations worldwide paid a ransom to get their encrypted data back after a ransomware attack, this specific type of coverage is critically important.

There are two primary approaches to handling ransom payments: reimbursement and pay on behalf.

Reimbursement Ransomware Payment Provision

  • Under this provision, a business is required to pay the ransom to cybercriminals out of its own funds prior to filing a claim.
  • After paying the ransom, the business can then file a claim with the insurance company to seek reimbursement for the ransom plus any other covered expenses (such as incident response and data restoration costs).
  • After a claim is filed, the insurance company assesses the claim and, if approved, reimburses the business for the ransom payment and other eligible expenses, typically subject to policy limits and deductibles.
  • Under this provision, the business carries the financial burden and also risks reimbursement delays or claim denials.

Pay on Behalf Ransomware Payment Provision

  • Under this provision, the insurance company takes a more proactive role in handling ransomware incidents.
  • When a ransomware attack occurs, the insurance company directly negotiates and pays the ransom to the cybercriminals on behalf of the insured.
  • The client is not required to make the initial ransom payment out of its own funds, reducing financial strain and immediate cash outflow.
  • The insurance company may also engage in negotiations, which could lead to lower ransom payments than the client might negotiate independently.
  • The business can focus on other aspects of incident response and recovery while the insurance company manages the ransom payment.

Preferred Payment Provision

Benefits of a “Pay on Behalf” Payment Provision

“Pay on Behalf” is generally considered more advantageous for insured businesses for several reasons:

  1. Immediate Financial Relief: Clients are not burdened with the upfront cost of ransom payments, preserving their cash flow and financial stability during a crisis.
  2. Expertise and Negotiation: Insurance companies often have experience in ransom negotiation, potentially leading to higher success rates and lower ransom payment amounts.
  3. Faster Resolution: Paying the ransom promptly can expedite the decryption process and minimize downtime.
  4. Risk Reduction: The insured business does not bear the risk of an unsuccessful ransom payment or reimbursement claim denial.

Businesses of all sizes in all industries are vulnerable to ransomware. Whether you manage customer data, sensitive information, or simply rely on your own digital infrastructure to run your business, any cyber attack can quickly result in huge losses. Cyber insurance offers critical coverage to protect businesses against ransomware and other cyber threats.


How We Can Help

At Doeren Mayhew Insurance Group, we understand that all businesses are vulnerable to cyberattacks and ransomware. That’s why we work diligently with our clients to secure cyber insurance coverage, while also implementing risk management solutions to further protect their assets and financial wellbeing.

Work with one of our trusted insurance advisors to discuss your unique situation and coverage needs. We can design a customized policy that offers financial protection for your business. Contact us to get started today.