Ransomware driving cyber insurance cover, says report

By Cynthia Ezekwe

The increasing rate of ransomware has enhanced the adoption of  cyber insurance to limit exposure  of companies  to infringement of data protection and privacy law, according to findings by Sophos Group.

The Britain based Information Technology Security Company, in its report tagged, “The State of Ransomware 2022,’’ noted that  ransomware has become more prevalent, making most companies understand that  insurance providers are better at guiding victims swiftly and effectively through the incident response process, reducing the remediation cost.

According to the report, an estimate of  $706,452 has been paid in ransom to cybercriminals by Nigerian businesses, thereby making  cyber insurance  a necessity for   organisations that lack the resources to cover cyber security breaches.

The IT company explained  that most organisations are choosing to reduce the financial risk associated with an attack by taking cyber insurance, as they believe that insurers pay some costs in almost all claims.

The report also showed that cyber insurance adoption increases with organisation size, with 88 percent  of 3,001 to 5,000 employee organisations having cover compared to 73 per cent of  those with 100-250 employees. It further noted that organisations hit by ransomware in the last year are much more likely to have cyber insurance than those that avoided falling victim to an attack.

“Among those that were hit, 89 per cent  have cyber insurance compared with 70 per cent  of those not hit. The cause and effect is not clear here. It may be that direct experience of a ransomware incident has driven many organisations to take insurance to help mitigate the impact of future attacks,” Sophos stated.

The report also explained that adversaries may target their attacks on organisations that they know have insurance cover to increase their chances of a ransom pay out.

Another option, it pointed out, is that some organisations took cover to balance known weaknesses in their defences, while the reality could be a combination of all the aforementioned factors.

Global risk reports have also shown that ransomware is one of the most disruptive cyber attacks on the global risk landscape and has resulted in heavy revenue losses, operational disruptions, loss of trust and reputations, drop in share prices, loss of investment opportunities, litigations, fines and sanctions, and a decline in business revenue for many companies.

Thus, the increasing cost of cybersecurity has made a growing need for cyber insurance to limit exposure and liabilities of a company.

Christine Marciano, president, Cyber Data Risk Managers, rightly noted that, “the cyber threats of today are the insurance claims of tomorrow.’’

Marciano noted that  beyond compliance obligations, organisations are considering insurance as part of their risk management strategies.