FEATURE
– of their insurers, for whom paying the
ransom is by far the cheapest option
when compared to footing the bill for
extensive data recovery. To put this into
context, below are two recent examples
of ransomware attacks that were handled
very differently by the victims, leading to
starkly contrasting outcomes.
In 2019, Lake City in Florida fell victim
to a ransomware attack that crippled
its government systems. Rather than
pursuing data recovery options, it
chose to pay the ransom of around
£350,000 via its insurance policy. The
government itself was only liable for the
£7,500 policy excess, with insurance
firm Beazley paying the balance under
the terms of the policy. It was later
discovered that the decision to pay was
made on Beazley’s own recommendation
after analysis suggested the work
needed to recover the stolen data from
data backups would likely have run into
millions of dollars.
The pragmatism of such a decision is
difficult to dispute in the face of the
evidence. Not only was a significant
amount of money saved in the long run,
it allowed the government to get back to
work much faster than would otherwise
have been possible. Unfortunately, it also
meant the perpetrators got away with
both the crime itself and almost half a
million dollars in ill-gotten gains.
By contrast, when the city of Atlanta
fell victim to a SamSam ransomware
attack in 2018, it refused to pay the
£42,000 ransom demand and instead
chose to recover the data at its own
expense. While this decision left the
criminals empty-handed, it’s estimated
that the total cost to the city was an
eye-watering £6.8 million.
Criminals are getting bolder
As more and more organisations
look to their insurance in the event
of an attack, cybercriminals are also
starting to demand ever-increasing
payments. In the last 12 months alone,
the average ransomware payment has
risen six-fold to £27,000. What’s more,
it appears that criminals are actively
targeting organisations known to have
cyber-insurance policies in place.
The inevitable result is that insurance
providers are steadily raising the cost
of their premiums to cover the growth in
claims – bringing us back to that vicious
cycle again.
Ultimately, prevention is better than cure
and businesses need to start treating
cybersecurity insurance as a line of
last resort instead of a strategy in its
own right. Instead, they should focus
on investing in security technology
and training that will prevent them from
falling victim in the first place. Until that
starts happening again, ransomware’s
renaissance looks set to continue for
some time to come.
50 Issue 26 | www.intelligentciso.com