Tue | Aug 1, 2023 | 4:30 AM PDT

It is no secret that ransomware attacks have been on the rise in recent years and have caused a significant amount of pain to organizations worldwide. One aspect of these cyberattacks that has been hotly debated is the role that cybersecurity insurance plays in these incidents.

To better understand the relationship between insurance and ransomware, the U.K.-based Royal United Services Institute for Defence and Security Studies (RUSI) conducted an extensive 12-month research project that examined the role of cyber insurance in addressing the threats posed by ransomware.

Cyber insurance has faced criticism, with some asserting that it incentivizes victims to pay ransoms rather than seek alternative remediation options after a cyber incident. This widely held belief has fueled debates in policy-making circles and cybersecurity discussions. However, RUSI's research presents a different perspective.

RUSI's research challenges the notion that cyber insurance is a direct catalyst for ransomware. The study identifies three main drivers that ensure the continued success of ransomware attacks:

  1. "A profitable business model that continues to find innovative ways to extort victims
  2. Challenges in securing organizations of all sizes
  3. The low costs and risks for cybercriminals in the ransomware ecosystem, both in terms of the barriers to entry and the prospect of punishment"

Despite these drivers, the research reveals that there is no compelling evidence to support the claim that victims with cyber insurance are significantly more likely to pay ransoms than those without it. The study provides a more nuanced view, positing that cyber insurance's impact on victim decision-making is more complex than previously believed.

The role of the cyber insurance industry

The research emphasizes that cyber insurance providers play a vital role in mitigating ransomware risks. Rather than being a direct enabler of ransom payments, the insurance industry has evolved to provide risk management resources and access to industry-leading security professionals and vendors. The goal is to strengthen the cybersecurity posture of organizations and reduce the likelihood of ransom payments becoming necessary.

Manu Singh, Vice President of Risk Engineering at Cowbell, articulates this viewpoint:

"Most cyber insurers will provide risk management resources and access to industry-leading security professionals and vendors to strengthen the cybersecurity posture of an organization, with the goal of reducing the likelihood of the organization needing to pay a ransom.

The cyber insurance industry has certainly evolved throughout the years from a risk transfer option to now driving the cybersecurity change that is needed for organizations to decrease both the frequency and severity of ransomware and data exfiltration incidents including ransom payment as well."

Insights on the evolving nature of ransomware

Ransomware attackers have evolved their tactics over time, moving from data encryption and extortion to data theft and double extortion. This shift has presented new challenges for cyber insurance companies and insured organizations alike. Victims now face the threat of their stolen data being publicly exposed or sold on the internet, even if the ransom is not paid.

Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, elaborates on this aspect:

"As ransomware became a leading threat worldwide, and had been holding many organizations to financial ransom to get their data and business back, many organizations quickly turned to cyber insurance as additional protection from such incidents with policies, including ransomware protection, focused on data recovery and incident response.

However, as expected, ransomware cybercriminals evolved from data encryption to data theft, leaving many insurance policies exposed to this change in tactics. This change in technique changes the incident response process and how cyber insurance responds to such ransomware attacks, as there is no data that is encrypted or that needs to be recovered.

It is now in the hands of cybercriminals threatening to sell or leak it on the public internet. If the victim doesn't pay, then someone who finds the data valuable might pay instead, so the cybercriminal has multiple ways to make a financial profit."

The multifaceted nature of cyber insurance and the complex landscape of ransomware underscore the need for a more cohesive, transparent, and adaptive approach.

Both cyber insurers and insured organizations must work together to foster a clearer understanding of coverage specifics, develop robust security controls, and navigate the evolving cyber threat landscape effectively.

Follow SecureWorld News for more stories related to cybersecurity.