Malware prevention is a key priority
for CISOs as part of their overall
cybersecurity strategy. All forms of
malware have the potential to cause
significant damage to organisations,
and as a particularly destructive
threat, ransomware should be top of
mind when it comes to having robust
cybersecurity infrastructure.
Ransomware has been an ever-present
threat to businesses of all shapes and
sizes for almost two decades. While it
was originally conceived as a means to
extort money from individuals, it wasn’t
long before cybercriminals realised it
was just as effective – and far more
profitable – to use against organisations
as well. Within just a few years,
ransomware like Reveton, CryptoLocker
and, more recently, WannaCry was
being used to bring businesses around
the world to their knees, with victims
ranging from corporate entities and local
governments, to universities and medical
centres. In short, no one was safe.
As awareness of the threat grew, many
organisations upped their cybersecurity
game significantly and it wasn’t long
before additional investment in both
technology and employee security
training started to translate into a
noticeable fall in ransomware attack
volumes globally. For a while, it even
seemed like ransomware was heading
for the rubbish heap. However, a recent
resurgence has propelled ransomware
right back to the top of the cyberthreat
list. The question is, what’s behind it?
As unlikely as it may sound, there’s a
growing body of evidence to suggest that
the rise of the cybersecurity insurance
industry may well have played a key
role in ransomware’s renaissance. In
this article, we’ll look at some of this
evidence and evaluate whether something
designed to be part of the solution to
cybercrime has unintentionally become a
large part of the problem.
Cybersecurity insurance –
an unlikely villain?
Jan van Vliet, VP EMEA, Digital Guardian
Most cybercriminal operations are
highly organised and extremely
ambitious in their scope. Rather than
simply encrypting victims’ data and
demanding money for its return like
they used to, many have quickly learned
that threatening to release it publicly
is a great way to expedite a desired
response. That’s because in the age of
the Internet, public exposure poses far
greater risks to many victims, including
potentially fatal reputational damage,
as well as significant regulatory fines
in some cases. For this reason, it’s no
surprise that cybersecurity insurance
has exploded in recent years, as
organisations scramble to protect
themselves as best they can against
such a potent threat.
However, this rise in cybersecurity
insurance has quickly created
unexpected problems, primarily because
so many victims are now finding it
far quicker and easier to simply pay
the ransom through their insurance
rather than trying to deal with the
fallout themselves. The more victims
use insurers to pay ransoms this way,
the more criminals are encouraged to
keep carrying out attacks. It’s created a
vicious cycle that’s proving to be both
profitable and rewarding for hackers,
while motivating more and more
organisations to invest in insurance
policies to cover themselves.
What’s more, many ransomware victims
are paying off cybercriminals with the full
agreement – and even encouragement
www.intelligentciso.com | Issue 26