Cyber-crime is propagating at an unprecedented rate with the number of attacks growing each year. Thousands of companies fall victim to this malicious plague. However, in recent times, a number of cyber insurance companies have evolved in response to the increase in cyber-attacks.
Insurance companies were initially reluctant to provide cyber insurance because sufficient actuarial data is not available and it is hard to accurately predict the costs associated with cyber risk.
Fortunately, cyber insurance is now available for these risks. Companies, large and small, as well as government institutions, have the opportunity to insure themselves for fear of increased cyber-crime. It is imperative for companies and government institutions to secure some degree of insurance for themselves, depending on the possible level of damage. Insurance policies vary depending on the degree of coverage required. They can provide coverage for issues such as cyber extortion and ransom payment. The policies can also cover liability to third parties that may arise as a result of the attack, for example, customer claims or liability arising from failure to fulfill orders or provide services on time. Other insured costs may include investigative and crisis management costs that arise as a result of ransomware removal.
The conditions of the insurance plan are set in advance. Depending on these terms, the policy may include insurance for other extrinsic costs such as lost income due to halted business activities, upgrades to the company's security software, and other miscellaneous expenses.
Security officials are against the idea of paying ransom for ransomware removal, as this increases the risk of more attacks. However, in many cases, insurance companies are adamant about paying the ransom and fulfilling the attacker's demand, even when other alternatives, such as files saved in backups, are available.
Insurance companies convince their clients to pay the ransom because it reduces the victim company's recovery and downtime costs. These costs entail lost revenue due to the company's ceased services, IT costs for hiring officials to install security software to mitigate weaknesses in cyber protection, and fees for professionals hired for data recovery and for repairing the damage caused.
This gives rise to the view that by fueling the attackers with huge amounts of ransom, insurance companies are encouraging more attacks in the future and contributing to the spread of the crime. It is true that insurers want to avoid paying the reimbursement costs required by the coverage, and that it is cheaper to pay the ransom. However, by giving in to the demands of the criminals, they are actually worsening the issue of ransomware attacks in the long run.
Insurance companies, however, are strongly of the opinion that it is better to obtain the encryption key for ransomware removal by paying the ransom than to bear huge coverage costs for the benefit of the company. Restoring the backups and resetting the system itself takes a lot of effort, time, and money, while organizations prefer to resume operations at the earliest.
However, the choice of whether or not to pay the ransom still lies in the hands of the company. Many companies require the insurers to pay their ransom, especially when they do not have proper backups or when the backups might also be infected with malware.