Skip to Main Content Back to Top Let's Talk
Home Blog Ransomware insurance coverage

Ransomware insurance coverage

Higginbotham H logo

A message pops up on your screen: ransomware has infected your system, all of your files have been encrypted, and the hacker is demanding a large payment. If you don’t pay the ransom, you won’t receive the decryption key and the hacker may sell your data on the dark web. This is a frightening but common scenario – and one that can make you grateful you have ransomware insurance coverage.

The Rise of Ransomware Attacks

Ransomware attacks have surged in recent years. SonicWall says there were 623 million ransomware attacks in 2021 – a year-over-year increase of 105 percent. Between 2019 and 2021, ransomware attacks increased by 232 percent.

Some early reports on attacks in 2022 suggest ransomware attacks may have dropped somewhat. Although this may sound like good news, it’s not time to celebrate yet. Even if the number of ransomware attacks decreases, they are still incredibly common. It’s also possible cybercriminals are simply adjusting their tactics. The unavoidable reality is ransomware is a major threat and will likely continue to be a threat for the foreseeable future.

To Pay or Not to Pay

Organizations that are hit with ransomware are faced with a decision: should they pay the ransom or not?

Some businesses pay because they feel they have no other viable option. The business is losing money and the people it serves may be negatively impacted. Some businesses may view the ransom as a necessary cost, especially when hackers are threatening to publish or sell sensitive data if they don’t pay up.

The argument against paying is that ransomware payments may be funding terrorism. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has warned that making a ransomware payment to cybercriminals could violate OFAC regulations and encourage more ransomware attacks.

Indeed, a report from Cybereason shows that 80 percent of ransomware victims who paid were victims of a second attack, and 68 percent were hit with a larger ransom demand in less than a month. Since cybercriminals know these victims will pay, why wouldn’t they target them?

Also, paying a ransom isn’t a guarantee you’ll recover all of your files. In fact, Sophos says only 8 percent of businesses that pay the ransom recover all their files.

Whether or not victims pay the ransom, they’re facing major costs and disruption.

What happens after an attack?

A ransomware attack can be as disruptive as a natural disaster or another major emergency. Organizations need to respond quickly to contain the damage and recover their systems. If they are locked out of their essential systems and files, they may be operating blind – if they’re operating at all. Scheduling systems may be inaccessible. A hospital might not be able to see its appointments and a hotel might not be able to access its reservations. Ransomware can also shut down physical systems that rely on computer systems – closing cash registers, locking hotel guests out of their rooms and causing general mayhem.

This disruption is significant, but it’s only part of the problem. When hackers infect your system and encrypt your files, they may also gain access to your files. As a result, a ransomware attack can also be a data breach. Many states have enacted data breach notification laws that require companies to notify customers whose personal information has been impacted in the breach. Companies may also face lawsuits and fines for their failure to prevent the breach and keep the data in their care safe from bad actors.

According to IBM, the average cost of a data breach is $4.35 million, and the average cost of a ransomware attack (not including any ransom paid) is $4.54 million.

These numbers admittedly include figures from large companies. Small and midsize businesses might assume their costs will be much smaller. However, small companies often underestimate the negative impact of a ransomware attack. Nationwide found that 40 percent of small business owners think a cyberattack will cost less than $1,000, and 60 percent think it will take less than three months to recover. In fact, the average recovery cost is $15,000 to $25,000, and the average recovery time is 279 days.

Ransomware attacks can overwhelm a company’s resources, no matter whether the company is small or large. Most organizations need support dealing with a ransomware attack – ransomware insurance coverage provides that support.

Businesswoman working on laptop by males coworker at workplace

How Cyber Insurance Policies Can Help

Many general liability insurance policies exclude cyber claims related to cyberattacks and ransomware demands. However, cyber coverage for ransomware is available under cyber insurance policies with ransomware coverage.

As cyber insurance policies vary, you’ll need to review the policy terms to determine exactly what it covers. However, the National Association of Insurance Commissioners (NAIC) says many cyber policies cover ransom demands and related expenses as well as repair costs. Be aware, though, that coverage may be subject to certain requirements and limitations. For example, if you don’t notify your insurer before you make the payment, it might not be covered.

Whether or not you want to pay a ransom, cyber insurance can help you recover from an attack. For example, your cyber insurance policy can cover legal costs, costs associated with data restoration and repairs, and costs associated with notifying consumers about data breaches and providing credit monitoring to those affected.

The Cyber Insurance Market

At this point, buying cyber insurance probably sounds like a no-brainer. It’s true that coverage is a smart investment; however, the rise in ransomware attacks and costs has impacted the cyber insurance market. Cyber insurance premiums have increased, and cyber underwriters have become a lot pickier.

The Council of Insurance Agents & Brokers (CIAB) says cyber rates have experienced large rate hikes:

  • Up 20.3 percent in the third quarter of 2022
  • Up 26.8 percent in the second quarter of 2022
  • Up 27.5 percent in the first quarter of 2022
  • Up 34.3 percent in the fourth quarter of 2021

Keep in mind, these are averages – some accounts have seen much steeper rate hikes.

Cyber insurers have also enforced strict cybersecurity requirements. If you’re not using multifactor authentication and other common cybersecurity practices, you’ll probably be unable to secure coverage. If the insurance company finds out you misrepresented your cybersecurity practices, it could void your coverage. According to Insurance Journal, Travelers voided a policy after a ransomware attack because the carrier said the client misrepresented its use of multifactor authentication on the insurance application.

Securing Ransomware Coverage

Right now, businesses are in a difficult spot. As ransomware risks are out of control, businesses need ransomware insurance coverage. At the same time, cyber insurance coverage costs are also surging, which means obtaining coverage is more challenging.

This may seem like an impossible situation, but there are solutions. By strengthening their cybersecurity and risk management practices, businesses can reduce the chance of an attack and improve their insurance application.

An experienced insurance broker can help you navigate the process. Do you need a partner in cyber and ransomware insurance? Higginbotham can help. Learn more about our cyber liability insurance offerings.

Not sure where to start? Talk to someone who wants to listen.

A great plan starts with a conversation. Let’s talk about what you need.

Let’s Talk

Request a Quote

Woman looking sideways to window in design office
Higginbotham H logo