Ransomware Insurance offers protection against losses due to cyberattacks that hold your data hostage.
Ransomware is one of the more invasive types of malware used in cyberattacks. This cyberextortion takes place when one’s website, data, services, or other electronic resources or systems are infected by ransomware and rendered inaccessible. In order to have them unblocked and regain access, the victim must make a payment (ransom) or meet other demands.
Given how much of our data is stored electronically, the prospect of cyberextortion is enough to send chills down the spine of just about any business owner. While it’s near-impossible to fully protect yourself against these attacks, you may be able to purchase insurance coverage to limit financial losses in the unfortunate event that you are hit by an attack.
What is ransomware?
Ransomware’s entire purpose is to lock down your system, blocking your computer resources and infecting your devices. This can happen through a number of channels, including websites that you visit or phishing emails you receive. If you download a malicious attachment or click on a link in a phishing or spam email, you may be opening the door to a ransomware attack.
Ransomware comes in two flavors: crypto ransomware and locker ransomware. The former encrypts your files so that they cannot be read, holding them hostage until you pay a ransom fee and can unlock them. The latter shuts down access to your computer system or electronic device by locking you out. The difference here is that crypto ransomware targets your files, while locker ransomware shuts down your access to computer resources wholesale.
Ransomware is estimated to cost small and medium-sized businesses in excess of $75 billion in damages annually, with phishing attacks alone increasing nearly 41 percent in 2018. A Cloud Security Alliance survey found that nearly a quarter of tech workers would be willing to cough up a ransom if forced to make that choice.
With Ransomware Insurance, however, you may be able to protect yourself financially from the costs of dealing with and recovering from ransomware attacks.
What is Ransomware Insurance and what does it cover?
Ransomware Insurance is a type of insurance policy that can cover the financial losses stemming from a ransomware attack. While Ransomware Insurance Coverage is often included within cyber liability insurance policies, as hacker attacks have continued to mount, standalone Ransomware Insurance policies are beginning to emerge. Ransomware Coverage, when included in a cyber policy, often has a much lower sublimit. For example, a $1 million cyber liability policy might have a Ransomware Coverage sublimit of as low as $25,000 unless modified by an endorsement.
Example:
- In 2019, a cyberattack using the Ryuk ransomware fetched more than $1 million from Florida government authorities alone—Lake City officials authorized payment of about $500,000, while Riviera Beach officials gave the green light to a $600,000 ransom. The ransomware was initially downloaded by an employee via an infected email attachment, which then spread the malware to multiple systems, locking them down and placing ransom notes in each affected file folder. In the end, the majority of the ransom payment was covered by the city governments’ insurers.
With the FBI estimating in 2017 that ransom payments had hit $1 billion that year alone—and that amount continuing to rise over time—more businesses are seeking Ransomware Insurance to protect against these digital hackers.
Depending on your provider, Ransomware Insurance may cover:
- The ransom fee demanded by hackers
- Crisis management and investigation costs
- Interruption to your business
- Hardware replacement
- Data restoration or recreation
- Damage to your business’s reputation
- Hiring negotiators to handle hackers
- Costs associated with shoring up your computer system
However, keep in mind that not all policies are the same, so be sure to check with your specific insurance company before committing to coverage.
What factors should I consider when choosing a policy?
As you’re considering the advantages and disadvantages of Ransomware Insurance, there are a few major aspects you’ll want to research.
Definition of Extortion
It’s crucial to know what your insurer defines as extortion, given that this is a primary factor in determining specific coverage.
Example:
- Your food service company is one of several hit by a particular ransomware attack. Though your files have been locked down by hackers, the absence of a specific ransom note could indicate to your insurer that no demand for payment was made, and the insurer could deny coverage on this basis. This can happen when hackers hit businesses not necessarily to extort money but to exploit data that they find on affected systems.
Industry
Consider whether you’re in an industry that is particularly hard-hit by cyberattacks. According to the National Association of Insurance Commissioners, anyone—including government entities, private businesses, and individual entrepreneurs—can be victimized by hackers, but one fast-growing target is healthcare organizations. Financial institutions are also particularly at risk here.
Example:
- The first recorded ransomware attack took place in December 1989, when the PC Cyborg (AIDS) trojan horse hit the healthcare industry through infected floppy disks purporting to offer fresh information on the AIDS virus. However, it instead encrypted files and masked directories, rendering computer resources inaccessible. Today, the healthcare industry remains a major target for ransomware attacks.
Payment Terms
Something else to consider is a policy’s payment terms regarding ransoms. Keep in mind that since most policies mandate written consent from the insurer before a victim can pay a ransom, you might experience a delay in getting your business back up and running. It’s also important to know that while an estimated 45 percent of businesses complied with ransom demands in 2018, just over half of those actually received access to their files. There is no guarantee that a cybercriminal will fulfill the terms of a ransom agreement.
Also, know that most insurers set sublimits for Ransomware Coverage, meaning that resources are not unlimited when providing payouts. When it comes to deductibles, review your policy carefully to ensure that it takes into account the possibility of multiple attacks within the same policy year.
Do I need Ransomware Insurance?
Of course, not every business has the incentive to obtain Ransomware Insurance. You may find that the cost of this coverage outstrips your resources or simply feel that you are well equipped to absorb this risk.
If you run a small or medium-sized business, you may assume that you are less at risk of a ransomware attack than a larger corporate entity. That assumption, however, is increasingly being proven wrong. Multiple studies have shown that smaller businesses are often at far greater risk than larger enterprises: they have fewer resources to spend on security measures and on training to prevent cyberattacks, which makes them more vulnerable and easier prey for cybercriminals.
Businesses in professional services, healthcare, government, and retail are often most at risk.
Example:
- Officials in Licking County, Ohio weren’t prepared for the major ransomware attack that hit in January 2017, affecting everything from data systems to phones. County services were massively affected for the next two weeks as officials, having decided not to pay the ransomware demand, sifted through systems deleting bad code. Later, officials in nearby Franklin County decided to take out a cyber insurance policy with specific stipulations for extortion.
These days, the need for Ransomware Insurance may have less to do with your size and more to do with your willingness to remain vigilant against online invaders.
What are the key exclusions of Ransomware Insurance?
Like any other type of coverage, Ransomware Insurance carries certain exclusions. While these vary among policies, this is a sampling of common ones:
- Failure to Follow. Also known as Failure to Maintain, this exclusion stems from perceived negligence with regard to security. If you haven’t set up your own systems to proactively guard against these attacks, your insurer may refuse coverage. Avoiding this means a watchful eye on your technology departments as well as a careful review of any policy under consideration.
- Scope of Coverage. As noted earlier, careful review of any policy you are considering is essential as insurers may define “extortion” differently and also have varying payment terms.
Conclusion
Ransomware attacks are continuing to evolve, and they change specifically to get past you and your systems, which makes it challenging to stay vigilant against them. However, education and preventative measures are both key in the fight against these attacks. It’s crucial that you educate yourself about what you’re up against as well as any specific vulnerabilities that your business may have.
As you weigh the pluses and minuses of Ransomware Insurance, there are several steps you can take to ensure your business’s basic cyber-safety and to increase the chance that your insurer will pay down the line should an attack occur. Three major ones: keep backups in case you need to restore your data, deploy a reputable cybersecurity system, and train your employees on email security. Keeping these systems up to date puts a major chink in the hacker’s armor, and with cybercriminals getting savvier all the time, you may need all the help you can get.