Cyber criminals have a large number of ways of gaining access to a company’s computer systems. What they do when they gain access to that system can also vary widely.
The traditional view of cyber criminals imagines the theft of personal data as a key financial motivator, with the hackers either using this data for their own ends or selling it online. Companies often worry as much about the theft of intellectual property or trade secrets, something which can be far more financially detrimental to the company and more lucrative to the successful cyber criminal.
However, incidents of ransomware attacks have increased significantly over the last few years.
What Is Ransomware?
Ransomware involves the installation of software that shuts down a company’s network or access to key data until such time as the company involved pays a ransom. A popular method of ransomware involves programs that search a hard drive or server for all files with .pdf or .doc extensions and encrypt them. The hacker then withholds the encryption key until such time as the company pays the ransom.
A Growing Problem For Businesses
Such attacks have increased exponentially over the past five or six years. Industry experts expect that 2016 will see twice as many ransomware attacks as 2015. The amount of ransom expected can vary widely. In a well-known case, Hollywood Presbyterian Medical Center paid $17,000 to a hacker to release the ransomware after losing access to patient records for a week. In another, a hacker publicly released thousands of bank statements for customers of Invest Bank after the bank refused to pay a $3 million ransom (though one should note that this case involved data theft rather than the use of ransomware).
Companies facing a ransomware attack have to make a number of quick decisions
First, a company needs to decide whether it wants to negotiate with the hacker. Studies suggest approximately 25% of companies will pay the ransom without putting up a fight. Executives will have to make these decisions with a full understanding of the cost of the inability to access these files.
Companies also need to consider to what extent insurance may cover them for a paid ransom. The insurance industry has not standardized cyber insurance coverage yet. Some policies may cover ransoms paid after one of these attacks while others may not.
Some other limitations possible in a cyber insurance policy:
- Some companies offer explicit endorsements to cover cyber extortion.
- Many ransom attacks to date do not request enough of a ransom to meet the deductibles of cyber insurance policies.
- Many insurance companies require that amounts paid under cyber extortion policies remain secret and confidential, to prevent encouraging future attacks. However, this is something an insured may not have full control over.
Companies can take a number of steps to mitigate against ransomware attacks
- Hardware: Fully backing up data on devices not connected to the rest of the company’s network will help organizations recover quickly if they lose access to data on main servers and lessen the urgency of paying a ransom.
- Plan: Institute a cyber extortion response plan, deciding in advance on an investigative and decision-making structure to put into place in the event of an attack so that the organization can quicken response times and make more informed decisions.
- Train: Institutions should also look to training employees to avoid accidentally installing ransomware on computers connected to the company network, as many ransomware attacks result from social engineering scams.
- Software: A number of cyber security companies have invested in the creation of software solutions to ransomware attacks.
As more and more crucial infrastructure for doing business moves online, companies need comprehensive plans for responding to a host of different cyber attacks, including ransomware attacks.
Talk to a broker today to discuss whether your cyber insurance covers cyber extortion attacks and risk management options for protecting your company.