Businesses are increasingly concerned about how they will meet ransomware demands but lack sufficient cyber insurance coverage, according to a July 2022 online survey of 450 IT decision-makers conducted by BlackBerry.

Key takeaways from BlackBerry's "Cyber Insurance Coverage" study include:

  • 81% of IT decision-makers said their businesses do not have ransomware coverage limits above $600,000. This is less than the median ransomware demand of $2.2 million reported by the Palo Alto Networks Unit 42 cybersecurity research division.
  • 51% said they hoped the government would cover cyberattack damages if attacks are linked to other nation-states.
  • 37% said they are not currently covered for any ransomware payment demands.

Meanwhile, the study revealed 14 percent of businesses with fewer than 1,500 employees have a ransomware coverage limit in excess of $600,000. Fifty percent of these businesses said they hoped the government would provide financial aid to cover damages for all ransomware incidents.

Many IT Decision-Makers Believe 'Cyber Risk Is Business Risk'

"Cyber risk is business risk" in the eyes of many IT decision-makers, according to the BlackBerry study. Sixty-eight percent of IT decision-makers said they "are likely" to reassess a partner or supplier agreement because of their cybersecurity practices. Also, 60% said they would reconsider a partnership or agreement with another business or supplier if the organization lacked "comprehensive cyber insurance."

Furthermore, there is a direct correlation between cybersecurity best practices and cyber insurance, BlackBerry indicated. As such, successful implementation of cybersecurity technologies often leads a company to keep cyber insurance or "get it in the first place."

EDR Is Key to Obtain Cyber Coverage

More cyber insurance companies than ever before are requiring businesses to implement endpoint detection and response (EDR) technologies to obtain coverage, the BlackBerry study showed. Thirty-four percent of IT decision-makers said their businesses were previously denied cyber coverage since they did not meet EDR eligibility requirements.

BlackBerry also found that IT decision-makers that purchased cyber insurance for their companies were "notably more satisfied" with the value of their EDR software than others. These decision-makers were "more confident" in their ability to protect against ransomware and other cyber threats as well.