It’s unavoidable, as more organizations add cyber insurance coverage, cybercriminals are going to be interested and look for ways to take advantage. Cybercriminals may assume that, if a company they attack is insured, the claim will get paid. Investigators are even seeing scenarios where criminals are compromising companies, obtaining their insurance coverage information as part of their surveying, and then aligning their ransomware terms to the policy details so their demands result in the victim organizations being reimbursed. In doing so, criminals reason this increases the probability of payment, since the victim knows the insurer will ultimately pay for the ransom.
It is up to the client, not the carrier, to ultimately decide if they will pay the ransom. Brian Thornton, CEO of ProWriters, shared that they “have seen a recent reduction in ransom payments — possibly due to companies having better segmentation and backups and not needing to pay the ransom to restore operations. Also, as more cyber criminals are being added to the OFAC list, that would not allow a company or insurer to pay a ransom.”
The goal is to protect all data in your environment, but it is important to put extra emphasis on protecting your cyber insurance policy information.