Content, Channel partners, Content

BlackBerry Study: Most SMBs Have Less Than $600K in Ransomware Coverage

Abstract umbrella form lines and triangles, point connecting network on blue background. Illustration vector

Businesses are increasingly concerned about how they will meet ransomware demands but lack sufficient cyber insurance coverage, according to a July 2022 online survey of 450 IT decision-makers conducted by BlackBerry.

Key takeaways from BlackBerry's "Cyber Insurance Coverage" study include:

  • 81% of IT decision-makers said their businesses do not have ransomware coverage limits above $600,000. This is less than the median ransomware demand of $2.2 million reported by the Palo Alto Networks Unit 42 cybersecurity research division.
  • 51% said they hoped the government would cover cyberattack damages if attacks are linked to other nation-states.
  • 37% said they are not currently covered for any ransomware payment demands.

Meanwhile, the study revealed 14 percent of businesses with fewer than 1,500 employees have a ransomware coverage limit in excess of $600,000. Fifty percent of these businesses said they hoped the government would provide financial aid to cover damages for all ransomware incidents.

Many IT Decision-Makers Believe 'Cyber Risk Is Business Risk'

"Cyber risk is business risk" in the eyes of many IT decision-makers, according to the BlackBerry study. Sixty-eight percent of IT decision-makers said they "are likely" to reassess a partner or supplier agreement because of their cybersecurity practices. Also, 60% said they would reconsider a partnership or agreement with another business or supplier if the organization lacked "comprehensive cyber insurance."

Furthermore, there is a direct correlation between cybersecurity best practices and cyber insurance, BlackBerry indicated. As such, successful implementation of cybersecurity technologies often leads a company to keep cyber insurance or "get it in the first place."

EDR Is Key to Obtain Cyber Coverage

More cyber insurance companies than ever before are requiring businesses to implement endpoint detection and response (EDR) technologies to obtain coverage, the BlackBerry study showed. Thirty-four percent of IT decision-makers said their businesses were previously denied cyber coverage since they did not meet EDR eligibility requirements.

BlackBerry also found that IT decision-makers that purchased cyber insurance for their companies were "notably more satisfied" with the value of their EDR software than others. These decision-makers were "more confident" in their ability to protect against ransomware and other cyber threats as well.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.