Timberwolf Information Security

Cyber-Insurance is Paying Us No Favours

The number of ransomware attacks rose sharply again in 2019, fueled by unprepared targets in the local government sector and ready payouts from insurance companies. The goal of the insurance provider is to reinstate the business as soon as possible with the least financial impact, but this has had a net negative impact on cybersecurity as a whole by making ransomware attacks increasingly attractive to attackers.

Theresa Payton, the former White House CIO, who spoke at the recent CloudSec conference, agrees, recalling an incident where the insurance company chose the cheaper route of paying the ransom rather than recovering from backups that were available:

“They called the insurance company to try to do the forensics to not pay… the insurance company said they’re experienced at negotiating with ransomware syndicates, getting the price down and it’s going to be a lot cheaper to pay”, stated Payton.

This isn’t the first such anecdote that I have heard or read. Lake City, Florida City Manager Joseph Helfenberger ran into a similar issue when its insurance company opted to pay $460,000 in ransom rather than more than an estimated $1 million for a prolonged recovery from backups, which would exceed the coverage limit.

Nation-states and organized crime are emboldened by these payouts, having learned that organizations that have cyber insurance are more likely to pay the ransomware bill than an incident recovery bill. Paying the demanded sums not only encourages more such attacks but also directly funds these criminal enterprises, which will reinvest in conducting further attacks on more targets.

If you pay the criminals now, what happens in the future?

In the end, nobody but the targeted business can decide what decision is right for them; this is what I preach and practice. My hope is that the market will make such payments untenable for those insured due to increased deductibles and coverage costs and we can keep the insurance companies out of this decision process.

Cyber-insurance, in the end, won’t get your customers to trust your business again. You can’t put a dollar on the public perception of your company. The best insurance is a solid Cybersecurity Program that addresses ransomware and other risks to your business. Find out more about how Timberwolf Information Security can help at https://www.timberwolfinfosec.com.