What Does a Ransomware Claim Look Like?
Ransomware claims are on the rise in 2024. Learn how a claim with your insurance carrier would work.



9 commonly asked questions about ransomware and cyber insurance:


One day, you wake up to find that all your business sites have been hacked. All you see is a screen with a skull and crossbones telling you that you've been ransomed. Panic sets in.


You don't need to panic when you see a ransomware note if you are prepared

What do you do? This is where cyber insurance comes into play.

Let’s break down some common questions and answers about cyber insurance in a way that’s easy to understand.

Handling a Hack or Ransomware Attack


1. If there is a hack or ransomware attack, who handles the negotiations and payments with hackers or criminal entities?


Answer:


  • Breach Counsel or Incident Response Team: The team hired by your insurance company will handle it.
  • Why Them? They have the most experience with the hacker group involved. The consultant from either the breach counsel or incident response team with the most experience with that particular hacker group will be chosen to negotiate.
  • Insurance Coverage: The insurance company pays for services like breach counsel, incident response, and digital forensics, minus your deductible.
  • Ransom Payments: If you pay a ransom, the insurance company covers it. Some policies will pay directly and others will reimburse you. Terms where the insurance carrier pays directly are superior.


Average Ransom Payments


2. Can you offer information on the average amount paid during a ransomware attack?


Answer:


  • Average Ransom Payments: $2 million according to Infosecurity Magazine
  • Recent Study: A study from Sophos found the median payment to be $2.54 million.


Speed of Resolving Ransomware Issues


3. On average, how fast do they resolve ransomware issues from notification to payment to key code?


Answer:


  • Varies by Situation: Depends on the ransomware gang and claim circumstances.
  • Quick Response: Engaging the incident response team quickly helps create the best strategy.
  • Restoring from Backups: Ideally, restore from backups to avoid paying ransom. If backups are encrypted or corrupted, this may not be an option.
  • Formal Process: Similar to a hostage situation, the insurance company verifies the hacker’s claims. The victim chooses a file and has the hacker decrypt it to demonstrate that they have the key.
  • Check OFAC: You must check the hacker's bitcoin wallet against terrorist watch lists before paying. It's a crime to pay someone on the OFAC list.
  • TLDR: You'll be back to business anywhere from one week to three weeks in ideal circumstances.


Coverage for Failed Negotiations


4. If negotiations fail, what does the insurance cover in terms of lost revenue, downtime, employee payroll, etc.?


Answer:


  • Coverage: Up to the policy limit during the restoration period. The restoration period may also be capped at a set length of time, such as 90 days, so be sure to go over this with your broker. You want a year of coverage or more if possible.
  • Deductibles: 8-hour deductible for direct losses and 12-hour for contingent losses (third-party hack causing business stoppage).
  • Recommendation: Due to the high costs, it’s advised to contemplate all the expenses in addition to any ransom you may have to pay. Reach out to us for a free benchmarking report.


Additional Questions to Consider


5. What steps can we take to minimize the risk of a cyber attack?


Answer:


  • Regular Updates: Keep all software and systems updated.
  • Employee Training: Educate employees about phishing and other cyber threats.
  • Strong Passwords: Use complex passwords and change them regularly.
  • MFA: Multi-factor authentication needs to be standard on all systems and apps.
  • Backup Data: Regularly back up important data and store it securely.


6. How do we choose the right cyber insurance policy?


Answer:


  • Assess Your Needs: Understand the specific risks your business faces.
  • Compare Policies: Look at different policies and what they cover.
  • Consult Experts: Talk to a cyber insurance expert to get tailored advice.


7. Why Get Cyber Insurance in the First Place?


Answer:


Phishing emails have risen 1265% since ChatGPT's launch. Cyber insurance helps protect your business from the financial fallout of cyber attacks, data breaches, and other cyber incidents. It ensures that you have the resources to recover quickly and minimize damage.


8. How Do We Know How Much Insurance We Need?


Answer:


Determining the right amount of cyber insurance involves benchmarking simulated losses based on your industry and business size. Here are some steps to guide you:


  • Assess Your Risks: Identify the specific cyber threats your business faces.
  • Simulate Potential Losses: Use industry data and your business’s financials to estimate potential losses from cyber incidents.
  • Consult Experts: Contact us to benchmark your company against your competitors with our proprietary software.


9. Does This Policy Cover All Our Websites?


Answer:


  • Step 1: Send a list of your websites in your insurance application.
  • Step 2: If they are all on the same network, no problem! They can all be added.
  • Step 3: If not, we’ll need to answer some control questions for the separate networks.

BONUS: What does cyber insurance cost?

Answer:

There has never been a better time to buy cyber insurance. With the congestion of insurance carriers in the market, prices have been driven to artificially low levels. In addition, cyber insurers have learned a lot of lessons from the large claims during COVID-19 and have since been able to reduce claims significantly.

With the right controls, you can qualify for excellent discounts. For example, we are seeing 20% discounts in some of our programs for MDRs.

Cyber prices are typically based on your business's industry, your annual sales, and the controls you have in place.

We've seen companies' cyber insurance prices drop more than 20-50% in the last year. Be sure to reach out to a broker that is an expert in cyber to guide you through the process.


Cyber insurance can be a lifesaver when your business faces a cyber attack. Understanding your policy and knowing what to expect can help you navigate these stressful situations more effectively.

If you made it this far, you've become a cyber insurance master, so congratulations. Be sure to subscribe to get more exciting cybersecurity and cyber insurance content. :)

Hungry for more cybersecurity content? Check out the 14 steps to protect your business' data.



Brian Mahon, CIC, CCIC, CRM

Certified Cyber Insurance Counselor

2 months ago

They Ask You Answer- great marketing strategy by Marcus Sheridan

Erin Wise

Sales Business Development | Cybersecurity Professional for Financial Institutions

3 months ago

This is a must read for every business! Thank you for sharing, Joseph. I find this fascinating….when I was a Bank Manager the FBI would come in and lead meetings to train us on current financial crimes and trends, and what to do. They would try to keep robberies and some of the crimes we saw out of the news for several reasons. One major one, copycats…..so when I see so many ransomware attacks in the news, that is not good. Plus all the online chatter within the criminal communities now, they will keep growing in frequency and severity. Best thing businesses can do is be proactive and prepared. They need good cyber policies combined with software that detects and neutralizes threats.


Woah, this is very interesting to read a whole process!

Rich Slaton

Broadcaster, Producer, Director, Social Media

3 months ago

Had no idea ransoms were that expensive!
