Ransomware insurance: the costs of a clean-up
One feature of the coronavirus pandemic has been a sharp increase in the number and severity of ransomware attacks.
According to security firm VMware Carbon Black, ransomware attacks shot up by 148% during March as the virus took off, with the financial industry a particular target. Million-dollar ransoms are no longer particularly unusual.
And the costs of a clean-up go way beyond the ransom itself - indeed, according to a recent report from cyber insurance firm Hiscox, one company targeted last year ran up total losses of $50 million.
"The Hiscox report highlights that, whether a ransom was paid or not, the mean losses for all firms subjected to a ransomware attack were nearly twice as much as those that only had to grapple with malware," says Hiscox Cyber CEO Gareth Wharton.
As a result, more and more organizations are turning to cyber insurance to make recovery easier and cheaper. Policies tend to cover a range of services, from IT forensic response and crisis communication to legal advice and, if necessary, credit card monitoring, as well as the ransom itself.
The costs of a clean-up
Many organizations fail to realize just how much work will be involved in the clean-up - even if the ransom is paid and the decryption software supplied.
"If it's decrypting your system in parallel, meaning it's doing all the files at the same time, you're going to have disc space requirements because you're in effect doubling the amount of files on your hard drive," says Josh Zelonis, a principal analyst with Forrester.
"If the decryption process is not done in parallel and you're having to decrypt everything in sequence, that's a very slow process."
But while cyber insurance can cover these costs, the rising number of ransomware attacks - and the rocketing ransoms being demanded - are having an effect on premiums. Earlier this year, Reuters reported that cyber-insurance premiums started rising by 5-25% late last year.
Meanwhile, some insurers are starting to price ransomware insurance separately from other cyber insurance, or are shifting to coinsurance, whereby policyholders pay 20-30% of the cost themselves.
As you'd expect, according to Hiscox, larger organizations are more likely to have a dedicated cyber insurance policy: while just 12% of businesses with fewer than ten employees do so, that rises to 42% for firms with 1,000-plus employees.
However, many may have at least partial cover already, says Zelonis - sometimes without even knowing it.
"A lot of organizations don't know that they already have insurance for this type of thing - business interruption insurance. So understanding your policies and doing a review, that's something you should be doing as due diligence ahead of time," he says.
"If you're doing this while you're trying to figure out whether or not you're going to be able to recover from backups - well, that's really not the right time."