Ransomware Attacks Are Still Widespread — Fueled By Cyber Insurance

With ransomware a top security concern for most cybersecurity teams, the cost of cybersecurity insurance is making its way into the annual budgeting process for CFOs around the globe. While ransomware is not a new cyber-threat, largely entering the cybersecurity scene in 2016 and 2017 with high-profile attacks, reesearch conducted by ESG reveals that a majority of organizations continued to experience ransomware attacks in 2019, representing a concern for both business and IT leadership.

The research further revealed the prominence of cybersecurity insurance policies, and the relationship between ransomware payouts and those companies that hold these policies. A subset of organizations with cybersecurity insurance report that their providers are advising, and possibly even pressuring, them to pay cyber ransoms, further fueling the success rates and the economy built around ransomware. This disturbing trend sets the stage for the continuance of ransomware, and an opportunity for criminals to exploit those organizations that have engaged with cybersecurity insurance companies.

The ransomware economy stretches well beyond the cryptocurrency that attackers are extorting from both companies and the public sector. Cybersecurity insurance is growing at an equally disturbing pace, along with the many ransomware-targeted security controls that endpoint and data protection vendors are bringing to market to help organizations protect themselves from attacks. Further contributing to this economy are the outside incident response vendors and legal practices that are helping companies understand and recover from successful ransomware attacks.

I’m a big analogies guy, so I’ll liken this to the use of radar in the automotive industry: As vendors equipped law enforcement with speed-measuring radar guns, it spawned an opportunity for the sales of radar detectors to alert drivers to “speed-traps.” As radar was further used in additional applications including automatic door openers, collision detection systems, and more, new advances were required to filter out the noise, further fueling the economy built around the radar industry.

Ransomware is following a similar pattern: Software developers are building and selling ransomware to criminals. Criminals are using the ransomware to extort funds from organizations of all types. Cybersecurity insurance companies are selling insurance policies to protect against attacks. Cybersecurity software companies are building and licensing software to protect against attacks. Data loss protection (DLP) vendors are building and selling specialized solutions to enable data to be safeguarded and restored in the event of ransomware attacks. Incident response companies are helping victims understand and recover from attacks.

With all the positive focus on helping organizations protect against and recover from attacks, ransomware and the economy surrounding it appear to be here to stay. ESG research tells us that this story is only getting worse, with 48% of companies investing in cybersecurity insurance policies, and nearly two-thirds (60%) of organizations experiencing a ransomware attack in 2019. While successful phishing attacks far outweigh successful ransomware attacks, most organizations say that ransomware presents a higher risk.

To learn more about what organizations say about ransomware and how cybersecurity insurance is impacting the ransomware economy, download my free brief, Ransomware Still Rampant, Fueled by Insurance Companies.

Author Dave Gruber is senior cybersecurity analyst at Enterprise Strategy Group (ESG). Read more ESG blogs here.