Certainly, they are not direct effort by insurers to boost cyberattacks, but a relationship has been proposed.
It comes as no surprise to hear that ransomware attacks are on the rise, but new perspectives are connecting this trend with increasing the availability of products from cyber insurance companies.
Essentially, the more organizations are covered against attacks, the more likely criminals are to be paid.
As cyber insurance companies become more commonplace and companies and organizations better understand the importance of coverage, large policies are being purchased. As a result, when ransomware attacks are made, the funds are available to make payments up to a certain size. Furthermore, that size is growing, depending on the target.
Everyone from multinationals to airports and whole cities have been victims of ransomware attacks. That said, while the ransom demands had been reasonably small for many years – as it is, after all, only profitable for criminals to attack when their ransom is paid, so the amount had to be within reach of the victim – coverage has caused that figure to grow.
Cyber insurance companies have indirectly made ransomware a far more lucrative type of crime.
Ransomware attacks have struck many places across the United States and around the world. Many have been quite high profile. This includes a number of U.S. cities. Many of these victims have paid the demanded ransom, frequently after unanimous votes among municipal leaders. The reason is frequently that they have purchased cyber insurance policies and therefore have the coverage they need for much of the ransom to be paid by their insurers.
Moreover, those policies also frequently assist the victims in rebuilding their security and in overcoming reputational damage, among other expensive challenges, said an ARS Technica report.
Since ransomware using criminals are aware of this, they are carefully designing their attacks to be less costly to pay the ransom than it would be for the victim to try to recover on their own. As cyber insurance companies continue to sell due to the rising threat of cyberattacks, so do the number and severity of attacks rise as a result. At this point, which remains relatively early in this sector, it is unclear as to how high the figure will need to grow before a tipping point is reached.