Ransomware has emerged as nefarious cyber threat causing tremendous damage to companies and consumers. With the meteoric rise in ransomware attacks, many companies have purchased cyber insurance policies.
Researchers at security company WatchGuard Technologies said as the need for cyber insurance rises, there is an increased risk that this will encourage criminals to target companies with extortion insurance to demand increased payments.
According to Corey Nachreiner, CTO at WatchGuard Technologies: “We find it concerning that insurers sometimes pay ransoms to recover their customers’ data. While we understand the business decision, insurers currently have no long-term actuarial data for cyber incidents and ransomware. It is possible that paying ransoms will encourage this criminal business model and increase the number of incidents insurers have to handle or the cost of ransoms.”
As most studies show that at least one-third of ransomware victims already pay, smart ransomware authors will target insurers to identify organisations with extortion insurance, and then attack them directly.
WatchGuard Technologies believe that savvy cybercriminals will seek to exploit those companies with cyber insurance. They will become priority targets as the cybercriminals will be sure of a payday.
They are expecting SMEs “to continue to adopt extortion insurance in 2018 but cyber insurance should not replace security controls and best practices ;We predict that insurance providers will start to implement guidelines that require companies to have strong security controls in place as a prerequisite. When combined with other layers of security, cyber insurance is a great addition to your cyber security strategy.”